Page last updated at 13:13 GMT, Friday, 25 July 2008 14:13 UK

Attacks begin on net address flaw

Computer keyboard, BBC
Attackers could use the loophole to redirect web users to fake sites

Attack code that exploits flaws in the net's addressing system are starting to circulate online, say security experts.

The code could be a boon to phishing gangs who redirect web users to fake bank sites and steal login details.

In light of the news net firms are being urged to apply a fix for the loop-hole before attacks by hi-tech criminals become widespread.

Net security groups say there is anecdotal evidence that small scale attacks are already happening.

Address list

"We are in a lot of trouble," said security guru Dan Kaminsky who found the flaw in the net's Domain Name System (DNS) in March 2008.

"This attack is very good," he said. "This attack is being weaponised out in the field. Everyone needs to patch, please."

The DNS acts as the net's address system and helps computers translate the website names people use, such as, into the numerical equivalents preferred by machines.

If exploited the flaw would allow malicious hackers to direct people to fake sites even if that user typed in the correct address for the place they wanted to visit.

Now security researchers have come up with two separate methods for attacking the flaw.

The code used in the attacks has been added to a popular testing tool called Metasploit used by both good and bad hackers alike to find weaknesses in computer systems.

The attack code was developed following the accidental leaking of the bug Mr Kaminsky discovered. Initially he had planned to release more information in October.

After being discovered in March, information about it was shared with large net organisations such as Cisco, Google, Yahoo and Microsoft to give them chance to produce patches and fixes.

Now net supply firms are being urged to get on with the job of updating their systems so customers are not left at risk.

Fix found for net security flaw
09 Jul 08 |  Technology
Net address fix foxes web users
10 Jul 08 |  Technology
Hackers attack heart of the net
07 Feb 07 |  Technology
Home network security scrutinised
16 Feb 07 |  Technology
UK net numbering project starts
26 Nov 07 |  Technology
To disclose or not to disclose?
22 Jul 08 |  Technology

The BBC is not responsible for the content of external internet sites

Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit


Americas Africa Europe Middle East South Asia Asia Pacific