Internet Security Flaw 'Worse Than Realised'

A recently-discovered security flaw in fundamental operation of the Internet could be much more serious than first believed. Every form of network, including email services, could be vulnerable.

Dan Kaminsky, the security expert heading efforts to solve the problem, told a Las Vegas convention that the central problem can be exploited in at least 15 different ways.

As we recently reported, the heart of the problem is the Domain Name System (DNS), which translates website addresses into the identifying number of the particular computer where the content of site is physically stored.

A key stage of the DNS process turned out to be allocating identifying numbers in sequential order rather than randomly. The specific situation that caused the recent scare involved the way Internet firms stored copies of popular pages on their own servers to speed up access. The DNS flaw made it far too easy for hackers to figure out ways to replace genuine pages with their own bogus coding.

However, Kaminsky revealed that the same flaw could theoretically cause problems in many different computer processes, including email systems and even the security layers used for 'secure' sites. (Source: theregister.co.uk)

The situation is not necessarily so dire, however. Ken Silva, head of technology at VeriSign (which controls the .com and .net 'directory') says the firm had been aware of the theory behind the flaw for several years and had planned around it. Indeed, the basic process hackers use to exploit this flaw is nothing new: Kaminsky's discovery merely involved ways criminals could carry off such attacks in a more efficient and speedy manner.

The good news is that the scare has led to unprecedented levels of co-operation between rival computer firms and security researchers. However, while the industry continues working to combat hackers, Silva points out that "The biggest gap in security rests between the keyboard and the back of the chair." (Source: bbc.co.uk)