The U.S. Computer Emergency Readiness Team (CERT) has disclosed the discovery of defects in an fundamental component of everyday Web operations.

The flaw was found at the heart of the Domain Name System — the Web “phone book” for translating Web URLs into the numerical IP addresses that networking computers use to deliver data. According to CERT, hackers could use a technique called DNS cache poisoning to place forged DNS notes into the cache of a name server at any Web domain.

“An attacker with the ability to conduct a successful cache-poisoning attack can cause a name server’s clients to contact the incorrect, and possibly malicious, hosts for specific services,” CERT said. “Consequently, web traffic, e-mail and other fundamental network input can be redirected to systems under the attacker’s control.”

A Flaw in the Core

The underlying DNS defects were brought to CERT’s attention by Web shield expert Dan Kaminsky, the director of penetration examining

“There’s a bug in DNS, the name-to-address mapping system at the core of most Web services,” Kaminsky said. whether “DNS goes poor, every Web site goes poor, and every e-mail goes somewhere,” but “not where it was supposed to,” he added.

Software companies across the industry have been quietly collaborating to simultaneously release patches for virtually all the affected name servers, Kaminsky said. “We got everyone into a room and hammered out a plan,” he recalled in a blog. “After an huge and secret effort, we’ve got fixes for all major platforms, all out on the same day.”

However, the specific nature of the vulnerability is still being kept under wraps to prevent hackers from knowing precisely where to look.

“This is actually a flaw in the core of DNS itself,” Kaminsky said in a recent network safety measure podcast. “What that means is that it isn’t something…

Orginal post by Mike

Gizmo News Electronic Gadget Computers Reviews Games Gadgets Mechanical