[At-Large] NY Times: Domain name system flaw causes security risk

[Brendler, Beau]

http://www.nytimes.com/2008/07/30/technology/30flaw.html?em&ex=1217649600&en=0be99c4e3c8f3c15&ei=5087%0A

Excerpt:

"The flaw that Mr. Kaminsky discovered is in the Domain Name System, a kind of automated phone book that converts human-friendly addresses like google.com into machine-friendly numeric counterparts.

The potential consequences of the flaw are significant. It could allow a criminal to redirect Web traffic secretly, so that a person typing a bank’s actual Web address would be sent to an impostor site set up to steal the user’s name and password. The user might have no clue about the misdirection, and unconfirmed reports in the Web community indicate that attempted attacks are already under way.

The problem is analogous to the risk of phoning directory assistance at, for example, AT&T, asking for the number for Bank of America and being given an illicit number at which an operator masquerading as a bank employee asks for your account number and password.

The online flaw and the rush to repair it are an urgent reminder that the Internet remains a sometimes anarchic jumble of jurisdictions. No single person or group can step in to protect the online transactions of millions of users. Internet security rests on the shoulders of people like Mr. Kaminsky, a director at IOActive, a computer security firm, who had to persuade other experts that the problem was real." 




****************************************************************************
********
SCANNED

****************************************************************************
********