Forbes reports that a massive security hole has been
discovered in the base design of DNS addressing on the internet. They quote Ken
Silva, chief technology officer for VeriSign who manages dotcom and dotnet
addressing on the internet. Ken says: "There's a bunch of money on the street.
If you can get over there soon enough, you can get it."
What is the
problem?
Forbes say that criminals have found a way to add incorrect
information to data moving around DNS servers. As a result, "hackers can swap
out the address of a legitimate Web site and insert the address of their
malicious Web site instead." This then allows the criminals to redirect
internet surfers from the website they want to a non-bona fide website.
The first example of this in practice was an attack on AT&T's
website that redirected to Google and automatically sent clicks to Google Ads,
with the profits of those clickthrough going to the criminals.
This issue is just one of many being discussed at the Black Hat Conference this week. You can find some analysis of the issue and
its solutions at the Doxpara website.
Meanwhile,
watch out if you're running an internet banking service as this is now
public domain, and could be a major security exposure during this quiet
summer.
Chris M Skinner
Chris Skinner is best known as an independent commentator on the financial markets through his blog, TheFinanser.com, as author of the bestselling book Digital Bank, and Chair of the European networking forum the Financial Services Club. He has been voted one of the most influential people in banking by The Financial Brand (as well as one of the best blogs), a FinTech Titan (Next Bank), one of the Fintech Leaders you need to follow (City AM, Deluxe and Jax Finance), as well as one of the Top 40 most influential people in financial technology by the Wall Street Journal's Financial News. To learn more click here...
