UK controls Internet security
US just claims ownership
:nana:
A SERVER IN THE UK is all that stands in the way of a huge security exploit which is based on a cunning plan by the US' largest ISPs to make a buck out of punters who mistype web addresses.
IOActive security researcher Dan Kaminsky found the flaw and promptly warned Earthlink and its technology partner, a British ad company called Barefruit, who patched it.
However he warned that the danger of the hack remains as the entire security of the internet is now dependent on what he graciously dubbed some "random-ass server run by some British company".
Since 2006, Earthlink has intercepted Non-Existent Domain (NXDOMAIN) response and sends the IP address of ad-partner Barefruit's server in Blighty. It will then give a list of suggestions for what site actually wanted.
However, if there is nothing like a suitable site that Barefruit can look up you get an Earthlink/Barefruit ad in the browser.
Kaminsky claims that this meant that the whole operation was only as secure as Barefruit's servers, which weren't really. Its servers are vulnerable to a malicious Javascript attack and hackers could have crafted special links to unused subdomains of legitimate websites that would deliver any nasty content the hacker liked.
He said that, while Barefruit fixed the immediate Javascript hole, the underlying problem is that ISPs should not be pretending to be sites that don't exist.
Wired quoted DNS expert Paul Vixie, who is the president of the nonprofit Internet Systems Consortium, who said that the problem was not with the core Internet protocols, which he could fix, but was due to the fact that ISPs were trying to to make cash off certain DNS features.
Barefruit's Dave Roberts was quoted as saying that all it was doing was providing an improved Internet user interface by replacing unhelpful and confusing error messages with alternatives relevant to what the user was seeking.
US just claims ownership
:nana:
A SERVER IN THE UK is all that stands in the way of a huge security exploit which is based on a cunning plan by the US' largest ISPs to make a buck out of punters who mistype web addresses.
IOActive security researcher Dan Kaminsky found the flaw and promptly warned Earthlink and its technology partner, a British ad company called Barefruit, who patched it.
However he warned that the danger of the hack remains as the entire security of the internet is now dependent on what he graciously dubbed some "random-ass server run by some British company".
Since 2006, Earthlink has intercepted Non-Existent Domain (NXDOMAIN) response and sends the IP address of ad-partner Barefruit's server in Blighty. It will then give a list of suggestions for what site actually wanted.
However, if there is nothing like a suitable site that Barefruit can look up you get an Earthlink/Barefruit ad in the browser.
Kaminsky claims that this meant that the whole operation was only as secure as Barefruit's servers, which weren't really. Its servers are vulnerable to a malicious Javascript attack and hackers could have crafted special links to unused subdomains of legitimate websites that would deliver any nasty content the hacker liked.
He said that, while Barefruit fixed the immediate Javascript hole, the underlying problem is that ISPs should not be pretending to be sites that don't exist.
Wired quoted DNS expert Paul Vixie, who is the president of the nonprofit Internet Systems Consortium, who said that the problem was not with the core Internet protocols, which he could fix, but was due to the fact that ISPs were trying to to make cash off certain DNS features.
Barefruit's Dave Roberts was quoted as saying that all it was doing was providing an improved Internet user interface by replacing unhelpful and confusing error messages with alternatives relevant to what the user was seeking.