Glitch discovered in Internet addressing system

July 10, 2008
Security flaw could leave Web users vulnerable to hackers

London,July,(BBC)-Computer experts have released software to tackle a major security glitch in the internet addressing system.

The flaw, discovered by accident, would allow criminals to redirect users to fake webpages, even if they typed the correct address into a browser.

Internet giants like Microsoft are now distributing the security patch.

Security expert Dan Kaminsky said that the case was unprecedented, but added: "People should be concerned but they should not be panicking."

He discovered the error in the Domain Name System (DNS) about six months ago.

DNS is used to convert web addresses written in words - such as www.bbc.com - into the numerical sequences used by computers to route internet traffic around the world.

The glitch would make it simple to operate "phishing" scams, in which users are directed to fake webpages supposedly for genuine banks or businesses and tricked into disclosing credit card details or other personal data.

Mr Kaminsky held talks with computer giants such as Microsoft, Sun and Cisco in March, and has been part of a team engaged in secret research since then, developing the security patch which has now been released simultaneously for all computer platforms.

Technical details are being kept secret for another month to give companies a chance to update their computers, before hackers try to unpick the patch.

Personal computers should pick up the patch through automated updates.

ibaa