Business

<< Previous   of   Next >> Associated Press  (click to enlarge) Dan Kaminsky is director of penetration testing for Seattle-based computer security consultant IOActive Inc.   ADVERTISEMENT   CONTACT THE HERALD Mike Benbow, Business Editor benbow@heraldnet.com   Published: Sunday, August 10, 2008 Scams thrive in Net security hole Associated Press SAN FRANCISCO -- A giant vulnerability in the Internet's design allows criminals to silently redirect traffic to Web sites under their control. The problem is being fixed, but its extent remains unknown and many people are still at risk. The gaping security hole enables a scam that targets ordinary people typing in a legitimate Web address. It happens because hackers are now able to manipulate the machines that help computers find Web sites. If the trick is done properly, computer users are unlikely to detect whether they've landed at a legitimate site or an evil double maintained by someone bent on fraud. Security experts fear an open season for virus attacks and identity-fraud scams. "It's kind of like saying, 'There's a bunch of money on the street. If you can get over there soon enough, you can get it,' " said Ken Silva, chief technology officer for VeriSign Inc., which manages the ".com" and ".net" directories of Internet addresses. "It's something the industry is taking seriously. You'd be in a bad place if you weren't doing something about it." The bug's existence was revealed nearly a month ago. Since then, criminals have pulled off at least one successful attack, directing some AT&T Inc. Internet customers in Texas to a fake Google site. The phony page was accompanied by three programs that automatically clicked on ads, with the profits for those clicks flowing back to the hackers. There are likely worse scams happening that haven't been discovered or publicly disclosed by Internet service providers. "You can bet that the (Internet providers) are going to stay tight-lipped about any attacks on their networks," said HD Moore, a security researcher. The AT&T attack probably would have stayed quiet had it not affected the Internet service of Austin, Texas-based BreakingPoint Systems Inc., which makes machines for testing networking equipment and has Moore as its labs director. He disclosed the incident in hopes it would help uncover more breaches. The underlying flaw is in the Domain Name System (DNS), a network of millions of servers that translate words typed into Web browsers into numerical codes that computers can understand. Getting from one place to another on the Internet typically requires a trip through several DNS servers, including some that accept incoming data and store parts of it. That opens them up for potential attack. What this means is that a computer user in say, San Francisco, might type www.yahoo.com and head straight to the real Yahoo site, while at the same moment, a user in New York -- whose traffic is routed through different DNS servers -- might type that same Web address and end up on a phony duplicate site. Scant details have been available about how the vulnerability works. The researcher who discovered it, Dan Kaminsky of Seattle-based computer security consultant IOActive Inc., announced July 8 that he'd found a major weakness in DNS. But he kept the rest secret because he wanted to give companies that run vulnerable servers a month to apply patches -- software tweaks that cover the security hole. He coordinated with Microsoft Corp., Cisco Systems Inc., Sun Microsystems Inc. and other major vendors to simultaneously issue patches.

1. Teen dies after Granite Falls crash 2. Bikini coffee stands to be regulated as adult entertainment 3. Sultan brothers plead guilty in death of rival gang member 4. Body found after house catches fire north of Bothell 5. Gregoire unveils budget with deep cuts, will press for tax hikes 6. Grief and gratitude expressed for four slain officers 7. Two teenagers hurt in crash near Granite Falls 8. Friends and family honor Clearview couple who loved always 9. Roe appointed interim county prosecutor 10. Arlington's budget is ‘bare bones' 2 - Top 10 Stories Most Talked about 3 - Top 10 Stories Most Emailed

• Zambian woman thanks students for their help • Food banks see rise in use • ‘Making Spirits Bright’ in Edmonds • Wolfpack takes aim at state • Seahawks help students smile • 95 and still volunteering • Sno-King joined by local TV king • Veterans back for Wildcats • Lynnwood seeks to plug $2 million budget gap • Snohomish County offers the best and most affordable venues for conferen ... • Boeing will build, flight test and deliver 787s in South Carolina to spe ... • Snohomish County EDC promoting job growth in key industry clusters • $4 million grant to advance brain tumor research has Everett links • Providence medical center construction tops off its 12-story steel frame ... • Tulalip affordable housing project to be financed by KeyBank, Raymond Ja ... • Arlington's Lak of Ink has a growing following for Luke Kooyman's creati ... • Bank of the Northwest formed