Page last updated at 02:58 GMT, Wednesday, 9 July 2008 03:58 UK

Fix found for net security flaw

Computer keyboard
Even correctly-typed addresses could be misdirected, thanks to the flaw

Computer experts have released software to tackle a security glitch in the internet's addressing system.

The flaw, discovered by accident, would allow criminals to redirect users to fake webpages, even if they typed the correct address into a browser.

Internet giants such as Microsoft are now distributing the security patch.

Security expert Dan Kaminsky said that the case was unprecedented, but added: "People should be concerned but they should not be panicking."

"We have bought you as much time as possible to test and apply the patch," he said. "Something of this scale has not happened before."

Mr Kaminsky discovered the error in the workings of the Domain Name System (DNS) about six months ago.

DNS is used to convert web addresses written in words - such as www.bbc.com - into the numerical sequences used by computers to route internet traffic around the world.

The flaw revolves around the way that the servers that translate words into numbers handle the requests they get.

Unresolved the flaw would make it simple to operate "phishing" scams, in which users are directed to fake webpages supposedly for genuine banks or businesses and are tricked into disclosing credit card details or other personal data.

Mr Kaminsky talked to Microsoft, Sun and Cisco and many others in March and has been part of a team engaged in secret research since then to develop the security patch which has now been released simultaneously.

"This hasn't been done before and it is a massive undertaking," said Mr Kaminsky.

Despite the scale of the operation few are expected to see any disruption to their web experience as the patch is applied. It is not thought that the flaw had been exploited prior to its discovery.

Technical details are being kept secret for another month to give companies a chance to update their computers, before malicious hackers try to unpick the patch.

Personal computers should pick up the patch through automated updates. Microsoft released its patch on 8 July as part of its regular security cycle.

Some readers have contacted the BBC saying that applying Microsoft patch had caused problems with their PC. However, a Microsoft spokesman said its call centre staff had not received any calls about such problems.


SEE ALSO
Phishing attacks soar in the UK
15 Apr 08 |  Technology
Fears over online banking checks
13 Nov 07 |  Technology
Someone's watching you
14 Mar 08 |  Magazine
'Lax standards' on data security
14 Mar 08 |  UK Politics
Personal data privacy 'at risk'
21 Feb 08 |  Business
Taking cover from ID theft
22 Nov 07 |  Magazine

RELATED INTERNET LINKS
The BBC is not responsible for the content of external internet sites


FEATURES, VIEWS, ANALYSIS
Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit

BBC navigation

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.

Americas Africa Europe Middle East South Asia Asia Pacific