View Single Post
Old 12-30-2008, 12:35 PM
  #1  
HSLD
APC co-founder
 
HSLD's Avatar
 
Joined APC: Feb 2005
Position: B777
Posts: 5,853
Default Internet Security Flaws (more good news)

Many Americans are aware of privacy and security issues presented by doing business on the Internet. Most people keep their browsers, anti-virus, and firewall software updated and call it good. Like water, hackers search for path of least resistance that offer the biggest gains, and now they are targeting the net's infrastructure itself.

Here are a few articles to widen awareness beyond your web browser

************************************************** *****

One of the cornerstones of Internet security may not be as solid as generally believed: A team of researchers said they successfully created a rogue certification authority (CA) to create digital certificates that are accepted by all major web browser – and not just those that are running on PCs. The discovery could prompt a new wave of phishing attacks and the adoption of more secure cryptographic standards on the Internet.

TG Daily - Final lock of digital website certificates cracked


************************************************** *****

Here is an interview with Dan Kaminsky talking about the flaw he found with DNS. If you can find a copy of the November issue of Wired, it has a fascinating article about this exploit:


Dan Kaminsky is understandably swamped today, given the unexpected early release of information about the critical DNS flaw he discovered that potentially affects the security of every website on the internet.

Kaminsky on How He Discovered DNS Flaw and More | Threat Level from Wired.com


************************************************** *****

Now the larger players on the net are making an [attempted] land grab with fundamental web security as a back drop:


The internet has a huge security problem that's temporarily fixed with bent paperclips and some gaffer's tape. Without concerted effort, hackers could easily spoil what little confidence remains in the internet.

VeriSign and ICANN Square Off Over the DNS Root | Threat Level from Wired.com
HSLD is offline