Domain Typo Error Page Ads Let Hackers Hijack Entire Web, Researcher Discloses
Ryan Singel writes on Threat Level:
Some of the U.S.'s largest ISPs are seeking to make money off mistyped website names and instead created gaping security holes in the web's largest websites, including eBay, PayPal, Google and Yahoo, making it possible for hackers to turn any site on the net into a source of malware, a security researcher revealed Saturday.More here.
The massive vulnerability introduced by Earthlink and Comcast was quietly and quickly patched on Friday, after IOActive security researcher Dan Kaminsky reported the vulnerability to Earthlink and its technology partner Barefruit.
Note: Brian Krebs writes extensively about this, too, here on Security Fix.
posted by Fergie @ 4/19/2008 11:59:00 AM
0 Comments:
Post a Comment
<< Home