Originally published Thursday, July 10, 2008 at 12:00 AM
Patch on way for Net security flaw
Los Angeles Times
Security researchers say they have discovered an enormous flaw that could let hackers steer most people using corporate computer networks to malicious Web sites of their own devising.
For bad news, that's pretty impressive. But there are two pieces of good news: First, no bad guys are known to be capitalizing on the flaw yet. And second, in a possibly unprecedented display of industry cooperation, virtually every major software company affected is issuing patches fixing the problem.
System administrators will have 30 days to apply those patches — from the likes of Microsoft, Sun Microsystems, Red Hat and others — before the details of the flaw are disclosed at the Black Hat security conference in Las Vegas.
Security experts — including the man who discovered the flaw, Dan Kaminsky of security outfit IOActive — hope that the patches are broad enough that evil types won't be able to reverse-engineer them and figure out how to exploit the vulnerability before the details are released next month.
"We got lucky in this particular bug, because it's a design flaw," Kaminsky said in an interview. "It shows up in everyone's network, but the fix is a design fix that doesn't point directly at what we're improving."
US-CERT, the Computer Emergency Readiness Team at the U.S. Department of Homeland Security, issued an alert Tuesday on the scope of the problem. CERT didn't go into all the backroom dealing that brought so many companies together for the patch, but that effort made the initial discovery seem like child's play.
"It took a couple of hours to find the bug," said Kaminsky, "and a couple of months to fix it."
Kaminsky said he stumbled across the hole in the Domain Name System (DNS), which steers people to the Web sites they are seeking, "by complete and total accident." Smaller DNS flaws have been used before to "poison" the servers that send people to the numerical address of the Web site name they type in. But the newest failing is at least one order of magnitude bigger, and perhaps several.
"This is about the integrity of the Web, this is about the integrity of e-mail," Kaminsky said. "It's more, but I can't talk about how much more."
Copyright © 2008 The Seattle Times Company
