The United States Department of Homeland Security confirmed on Tuesday the existence of a massive flaw in Internet security that would have allowed any hacker to redirect Internet traffic to pages websites at your whim. Thanks to this error, any security expert online could collect personal information from Internet users, such as bank account details or personal identification numbers.
For the first time, a massive failure does not simply concern users' personal computers, which on numerous occasions are infected by viruses that redirect their browsers to pages where they can fall into the network of so-called fraud. hackers On this occasion, the error was in the very intricacies of the Internet, in the so-called Domain Name System, the immense database that contains the correspondence of domain names with IP addresses and stores the location of email servers. .
This flaw in the Internet's large virtual address book was discovered six months ago by network expert Dan Kaminsky. "I found it by accident," explains this computer scientist. "I was looking at something that has nothing to do with security." Upon analyzing it he realized the titanic dimensions of the failure. "This problem didn't just affect Microsoft or Cisco, it affected everyone."
Kaminsky immediately submitted a detailed report to the US Government. Throughout this time, the matter was kept secret while the major Internet providers worked together on a massive update of that solved the problem. In March, Kaminsky and 15 other analysts met at Microsoft headquarters in Redmond, Washington State, to propose solutions to the security flaw.
Together they created a security patch that each and every one of the security providers will apply. software. Microsoft, Cisco and Sun already began distributing it as an automatic download last Tuesday. "This will be the largest synchronized improvement to Internet security in history," the Department of Homeland Security said in a statement released through its Computer Security and Response Team. "A potential attacker could have easily taken over portions of the Internet, and could have redirected users to arbitrarily chosen malicious locations."
Kaminsky, who tried to tone down the alarm in cyberspace by asking "people to worry, but not panic," launched the websites doxpara.com, where Internet users can check if their computers are vulnerable to the failure. The analyst will keep the details of the error secret for a month, until the network connections have been updated.
Network experts have called this initiative one of the most important joint business efforts in the history of cyberspace. "This is a massive patch created jointly by vendors to get around this flaw in Internet addresses," Jeff Moss, founder of the Las Vegas Black Hat security symposium, explained to the AFP agency. "This is the type of flaw that would allow someone who wants to go to google.com to end up visiting any address the attacker wanted." If the hackers If they had decided to attack companies, they could even have "hijacked" their email, with crucial information for their managers.