Leaks in Patch for Web Security Hole
By JOHN MARKOFF The New York Times August 9, 2008
SAN FRANCISCO - Faced with the discovery of a serious flaw in the Internet's workings, computer network administrators around the world have been rushing to fix their systems with a cobbled-together patch. Now it appears that the patch has some gaping holes.
On Friday, a Russian physicist demonstrated that the emergency fix to the basic Internet address system, known as the Domain Name System, is vulnerable and will almost certainly be exploited by criminals.
The flaw could allow Internet traffic to be secretly redirected so thieves could, for example, hijack a bank's Web address and collect customer passwords.
In a posting on his blog, the physicist, Evgeniy Polyakov, wrote that he had fooled the software that serves as the Internet's telephone book into returning an incorrect address in just 10 hours, using two standard desktop computers and a high-speed network link. Internet experts who reviewed the posting said the approach appeared to be effective.
...