-
-
Computer hackers: Internet flaw sparks biggest security fix in web history
A flaw in the way the internet works has prompted the "largest security update" in the history of the web, and fears of millions of people remaining exposed to criminals and malicious hackers.
Microsoft was among net companies yesterday which announced action to close the loophole that has potentially affected every site on the web.
The bug was spotted this year by Dan Kaminsky, a director at the American security specialist IOActive, who immediately contacted big technology firms to alert them to the problem.
The scam involved hijacking internet addresses and sending surfers to websites other than those they intended to see. By this route criminals stood the chance of tricking victims into handing over personal details or making payments to the wrong people.
Details of the bug, which uses a technique known as "cache poisoning", have not been made public. The idea is to let firms find a solution before hackers learn how to exploit the situation further.
"Computers use the equivalent of address books to figure out where they need to go on the web. This attack could compromise that by attacking the servers that give out the addresses," said Rich Mogull, of the US-based firm Securosis.
Although there is no evidence of the bug being exploited by hackers, news of the flaw drew an unprecedented response from the technology industry. Large companies, including Microsoft and Cisco Systems, scrambled to fix the problem.
"This is the largest synchronised security update in the history of the internet," said Kaminsky. "The severity of this bug is shown by the number of those who are on board with patches."
As fixing the problem is largely the duty of those who operate the millions of web servers, which hold all the information on the internet, rather than those who use the web, most computer users will not have to do anything.
However, a failure to update software could mean surfers still being at risk. And the fixes may not make things entirely safe. The US Computer Emergency Readiness Team, an American agency which deals with security breaches, said that even the changes put forward by Microsoft and others would not remove all possibilities of a hijack. "It is important to note that without changes to the DNS [domain name system] protocol these mitigations cannot completely prevent cache poisoning," said the agency on its website. A flaw in the way the internet works has prompted the "largest security update" in the history of the web, and fears of mill... more -
Top-secret al-Qaeda documents casually left on train
"Top-secret documents containing the latest government intelligence assessment on al-Qaeda have been left on a train in London.
A passenger on the train from Waterloo to Surrey spotted the orange cardboard envelope lying abandoned on a seat and handed the documents to the BBC.
A full-scale search had been launched by the Metropolitan Police.
Just seven pages long but classified as "UK Top Secret", the latest government intelligence assessment on al-Qaeda is so sensitive that every document is numbered and marked "for UK/US/Canadian and Australian eyes only", BBC security correspondent Frank Gardner said."
You want us to believe that you can keep sensitive data about your citizens in the highest of security and yet you repeatedly demonstrate the contrary with breaches like this. "Top-secret documents containing the latest government intelligence assessment on al-Qaeda have been left on a train in London. ... more -
All three presidential candidates passport files were breached
Secretary of State Condoleezza Rice on Friday told Sen. Hillary Clinton that the security of her passport file were breached in 2007, according to Clinton's Senate official.
The revelation came shortly after Rice said she hed apologized to Clinton's Democratic presidential rival Sen. Barack Obama for the unauthorized viewing of his passport file by contractors working for the State Department.
Two contractors were fired and a third was disciplined after they accessed Obama's file, State Department spokesman Sean McCormack said Thursday.
Rice told reporters on Friday that she had apologized to Obama and that the breaches would be investigated.
"I told him I was sorry and I told him that I myself would be very disturbed in anyone had looked at my passport filed and that, therefore, I will stay on top of this," Rice said.
*****UPDATE: The State Department confirms John McCain’s passport file was breached as well as Obama and Clinton's files.***** Secretary of State Condoleezza Rice on Friday told Sen. Hillary Clinton that the security of her passport file were breached in 2007, ... more -
Security breach at Heathrow Airport
A man carrying a rucksack managed to climb over the perimeter fence then run into the path of an aircraft at Heathrow Airport. He was quickly surrounded by armed police and no-one has been reported hurt.
An investigation into how a man was able to get onto Heathrow Airport runway in the current political climate is probably in the pipelines.
The Queen is reportedly still attending the grand opening of the controversial Terminal 5 tomorrow. More at the link: A man carrying a rucksack managed to climb over the perimeter fence then run into the path of an aircraft at Heathrow Airport. He was ... more
-
related topics
Security Breach
Contributors (33)
Security Breach
