Expert warns against major Internet security flaw
11 August 2008
A network security expert reaffirmed his warning about a major Internet flaw that hackers can use to attack corporate or even personal networks.
Security expert Dan Kaminsky's renewed warning follows a major Justice Department crackdown on an alleged international ring of computer hackers accused of selling millions of credit and debit card numbers and breaking into the networks of major U.S. retailers.
Kaminsky has been credited with identifying a serious gap in Internet security that allows hackers to redirect users to fraudulent sites where they are tricked into disclosing personal information.
Kaminsky recently worked with major corporations, including Microsoft Corp., to come up with a fix for the problem, which affects the Domain Name System, or DNS, the system that helps direct users to specific Web sites. The security patch was released last month, although Kaminsky said many networks remain vulnerable.
"The thing to realize is there are bad guys out there," Kaminsky, who spoke at this week's Black Hat USA network security conference in Las Vegas, said in a telephone interview. "They are not just the mythical boogeyman."
The flaw Kaminsky helped uncover enables hackers to lure users to a fraudulent site, even if they type in the correct address, by exploiting a flaw in the network. Kaminsky compared the security risk to a Bingo game in which one player, the hacker, is playing with thousands of sheets against other players who only have one each.
"The guy is going to win a lot," he said. The solution, he added, essentially involves "putting more numbers on each sheet" known only to the users to make it far more difficult for hackers to break in.
Kaminsky said given the global reach of networks and of groups trying to break into them, fixing the problem involved working with major corporations, including software giants such as Microsoft.
This was underscored by this week's indictment of 11 alleged hackers who were accused of breaking into the networks of nine major U.S. retailers and stealing more than 40 million credit and debit card numbers.
Only three of the defendants are U.S. citizens, while the rest are from such countries as Estonia, Ukraine and China.
"They exploit the fact that law enforcement in a globalized world is a very difficult proposition," Kaminsky said.
Zot O'Connor, a security strategist at Microsoft, also echoed the importance of working across boundaries.
"No one DNS server provider can fix the problem," O'Connor said on the Microsoft ecosystem strategy team blog. "A combination of our experience in working across boundaries, the dedication of the convened group and the support of global security communities showed how we can collectively provide protection for the ecosystem."
Zulfikar Ramzan, a technical director at the software security giant Symantec Corp., said major Internet service providers are generally vigilant, but he also noted that "there are many entry points one can find."
"How do you protect the perimeter when there is no perimeter?" he said.
Source: Total Telecom