It’s In The Wild
The BBC reports that Attacks begin on net address flaw
Attack code that exploits flaws in the net’s addressing system are starting to circulate online, say security experts.
The code could be a boon to phishing gangs who redirect web users to fake bank sites and steal login details.
In light of the news net firms are being urged to apply a fix for the loop-hole before attacks by hi-tech criminals become widespread.
Net security groups say there is anecdotal evidence that small scale attacks are already happening.
The important point is that you have to check to be sure that your ISP has upgraded. There is nothing the bank, PayPal, etc. can do because this occurs between you and them. When you click on a link you go to your ISP’s Domain Name Server to get the numeric IP address that identifies the web location you want to visit. This flaw allows the “bad guys” to substitute their address for the real one and you end up on an identical looking site asking for you to sign in.
EBW at Wampum provides an industrial strength checker for the problem. If it doesn’t say “Great”, start complaining to your ISP and avoid visiting on-line banks, PayPal, and other money sites until it does say “Great”.
2 comments
Heh. AT&T fixed mine overnight. I don’t know whether to be grateful it’s fixed, or disappointed that it was vulnerable in the first place.
It was another “no one could have imagined” moment. The damn script kiddies will be all over this for kicks, and there will probably some political crap as well.
The schools and colleges should be the first people to take care of this, but they’ll probably be the last.
One of my IT students complained that the campus system was more difficult to log into than her network at work. I told her that if she had hundreds of IT students trying to breaking into her work system, it would have to be as hardened and should be anyway.