The Earthtimes online News
Home

Major Security Flaw Discovered: Internet Privacy Compromised at All Levels

Posted : Tue, 22 Jul 2008 19:33:32 GMT
Author : Defence Intelligence Inc.
Category : Press Release
News Alerts by Email click here )
Create your own RSS
News | Home
OTTAWA, ONTARIO -- 07/22/08 -- Yesterday, details were leaked of possibly the single largest threat to Internet security. Earlier this year, Dan Kaminsky, director of penetration testing for IOactive, discovered a major flaw in how Internet addresses function. The issue is in the design of the Domain Name System (DNS) and is not limited to any single product. An attacker could easily take over portions of the Internet and redirect users to arbitrary and malicious locations to engage in identity theft. For example, an attacker could target an Internet Service Provider (ISP) replacing search engines, social networks, banks, and other sites with their own malicious content. Against corporate or government environments, an attacker could disrupt or monitor operations by rerouting network traffic, capturing emails and other sensitive data.

Kaminsky immediately reported the issue to major authorities, including the United States Computer Emergency Response Team (part of the Department of Homeland Security), and began working on a coordinated fix; a patch was released July 8th, 2008. Chris Davis, CEO of Ottawa-based Defence Intelligence, has been working in coordination with Kaminsky to brief key agencies in the Canadian government. Details of the vulnerability were to remain a closely held secret until Kaminsky's public presentation on August 6th, 2008 in order to provide organizations with enough time to protect themselves. However, this window was drastically reduced due to the accidental posting of the details by an uninvolved party.

Defence Intelligence is determined to make Canadian companies fully aware of the flaw and the steps they can take to protect themselves. The general public should be particularly vigilant while conducting business online. Kaminsky is urging people to act quickly, "Patch. Today. Now. Yes, stay late."

"This may be the worst information security vulnerability ever, and I'm very impressed at the speed and agility with which the Canadian government is responding," said Davis. The common goal of all involved parties is the implementation of the patch and monitoring of networks to ensure security.

DEFENCE INTELLIGENCE

Ottawa-based information security firm, specializing in compromise detection and mitigation, incident response, and emergency forensic consulting. Founded in 2008 by noted security professional Christopher Davis who recently returned to Canada after heading security departments at multiple US Fortune 500 companies.

Contacts:
Defence Intelligence
Julie Johnston
Director of Operations
613-591-8985
www.defintel.com

Copyright © 2008 Market Wire. All rights reserved.
More...



Article : Major Security Flaw Discovered: Internet Privacy Compromised at All Levels
Print this article
Share this article
Share on
Del.icio.us
Digg
Facebook
Fark
Google
reddit
Slashdot
StumbleUpon

Have your Say
Name
Email
Subject
Your Comment

Enter Verification code
 
  

 


Choose Theme
Green Earth Blue Earth Orange Earth Purple Earth

Search
 
You can

Current News

News Category
Business
Entertainment
Environment
General
Health
Sports
Technology
World

About us | News Archives | Browse old Archive | Feedback | Disclaimer | Mobile/PDA | News Alerts

The views expressed in the articles are not necessarily those of earthtimes.org and we accept no responsibility for the views or opinions
expressed in the articles either direct or indirect.
© 2008 www.earthtimes.org, The Earth Times, All Rights Reserved | Privacy Policy