New internet flaw could compromise corporate networks
Los Angeles - A newly-discovered flaw could let hackers steer people using corporate computer networks to malicious websites of their own devising, the Los Angeles Times reported Wednesday.
The flaw was discovered by Dan Kaminsky of security firm IOActive. Software companies are developing patches to fix the problem, which has not yet been exploited by hackers.
System administrators will have 30 days to apply those patches - from the likes of Microsoft Corp, Sun Microsystems Inc, Red Hat Inc - before the details of the flaw are disclosed at the Black Hat security conference in Las Vegas in August.
Kaminsky told the paper that he stumbled across the hole in the so-called DNS system for steering people to the websites "by complete and total accident." Smaller DNS flaws have been used before to "poison" the servers that send people to the numerical address of the website name they enter. But this failing comes deeper in the basic system that powers the internet, Kaminsky hinted.
"This is about the integrity of the Web, this is about the integrity of e-mail," Kaminsky said. "It's more, but I can't talk about how much more." (dpa)