A fatal flaw in Internet security has a patch, but it’s a leaky one, the New York Times reports. Yesterday, a Russian scientist demonstrated an attack that secretly redirected web traffic. It took him just hours using standard equipment; before the patch, it would have taken seconds. Thieves could use the method to hijack a user’s bank or credit card information.
And it’s not just academic. “We have already been seeing attacks in the wild for the past two weeks,” a clued-in consultant said. Veteran Internet technologists were not surprised. “What makes this so frustrating is that no one has been listening to what we have been saying for the past 17 years,” one professor said. There are at least two domain name systems that are more secure.