Domain Name Bug Worries Web Providers

Firms race to fix flaw in Internet's architecture before crooks find it
By Jason Farago,  Newser Staff
Posted Jul 30, 2008 9:33 AM CDT
ISPs worldwide are working quickly - though perhaps not quickly enough - to patch a flaw in the Domain Name System.   ((c) zenobia_joy)
camera-icon View 2 more images

(Newser) – ISPs worldwide are racing to patch a flaw in the design of the Internet that could allow criminals to steal personal and financial details of Web users by diverting them to fake sites. The flaw resides in the procedures of the Domain Name System, which translates URLs into numerical Internet protocol. The problem underlines the dangers of the Internet's jumbled, decentralized architecture, in which no one entity can fix such a weakness, writes the New York Times.

The fault was discovered by 29-year-old programmer Dan Kaminsky, and in March he had an emergency meeting with computer security specialists at Microsoft. Although he has kept details of the security weakness a secret, they were published online, seemingly accidentally, by a computer security firm last week. Now the race is on to close the loophole. "You don’t get to tell the river you need more time until it floods," Kaminsky says.