ACM TechNews
With Security at Risk, a Push to Patch the Web
New York Times (07/30/08) P. A1; Markoff, John
Security researcher Dan Kaminsky has been urging companies to fix a
potentially dangerous flaw in the Domain Name System that could allow
hackers to redirect Internet traffic to copies of legitimate sites to steal
financial and personal information. Kaminsky warned Internet service
providers (ISPs) about the flaw before releasing information about it to
the public. Kaminsky had not planned to release specifics about the flaw
until August, but accurate details of the flaw were briefly published
online by a computer security firm, apparently by accident. Kaminsky says
he wanted to give Internet companies more time to patch the flaw. He
estimates that 41 percent of the Internet is still at risk. Kaminsky's
plan to eventually release specific details about the flaw will make it
easier for criminals, but also pushes ISPs to patch the flaw as quickly as
possible. Kaminsky's discovery and warning of the flaw highlights a
greater problem with the Internet. Kaminsky believes that full disclosure
of security threats can push network administrators to take action. "We
need to have disaster planning, and we need to worry," he says. Experts
say the rush to repair the flaw is a reminder that the Internet lacks an
entity to oversee the online activities of millions of users. "This drives
home the risk people face, and the consumer should get the message," says
VeriSign's Ken Silva. "Don't just take for granted all the things that
machines are doing for you."
http://www.nytimes.com/2008/07/30/technology/30flaw.html
© Copyright 2008 Information, Inc. This service may be reproduced for internal distribution.