CYBERSPACE – A fundamental flaw in the internet that could have allowed hackers to control all of cyberspace was patched Tuesday, but security experts are warning users to be on guard for cyberattacks on un-patched servers and individual PCs.The vulnerability in the Domain Name System could have allowed hackers to take control of all traffic on the Web, rerouting surfers to any designation the hackers chose regardless what address was typed into a browser.
The flaw was discovered about six months ago, and a team of computer industry giants including Microsoft, Sun and Cisco has been scrambling ever since to create a patch that could be distributed at once to all computer operating systems. Computers that employ any version of Microsoft’s Windows OS were patched overnight Tuesday if their owners had them set to receive and install software updates automatically.
Still, the so-called “DNS cache-poisoning” vulnerability may exist in hundreds of thousands of machines worldwide, creating a monumental opportunity for phishers and distributors of malware.
The U.S. Computer Emergency Readiness Team (CERT), a joint government-private sector security partnership, issued a global warning: “An attacker with the ability to conduct a successful cache-poisoning attack can cause a nameserver’s clients to contact the incorrect, and possibly malicious, hosts for particular services.
“Consequently, Web traffic, email and other important network data can be redirected to systems under the attacker’s control.”
Security researcher Dan Kaminsky of IOActive, the man who accidentally stumbled across the flaw, told American Free Press. “People should be concerned but they should not be panicking. We have bought you as much time as possible to test and apply the patch. Something of this scale has not happened before.”
Concerned users may visit the website Doxpara.com to determine whether their systems are vulnerable to the flaw. Kaminsky designed the page and was instrumental in coding the software patch. He said the patch can’t be “reverse-engineered” by hackers who want to know how to take advantage of the flaw. Details about the flaw are being kept secret for a month in order to allow users and system administrators time to update and test their systems.
