IOActive Inc.
A powerful new type of Internet attack works like a telephone tap, except that it operates between computers and the Web sites they trust.
Hackers at the Black Hat and DefCon security conferences have revealed a serious flaw in the way Web browsers weed out untrustworthy sites and block anybody from seeing them. If a criminal infiltrates a network, he can set up a secret eavesdropping post and capture credit card numbers, passwords and other sensitive data flowing between computers on that network and sites their browsers have deemed safe.
A newly discovered flaw in the Internet's core infrastructure not only permits hackers to force people to visit Web sites they didn't want to, it also allows them to intercept e-mail messages, the researcher who discovered the bug said Wednesday.
Considering the silent nature of the attack and the sensitive nature of a lot of electronic correspondence, the potential for damage from this second security flaw is high. But there's no evidence yet that this method of targeting e-mail has been used in a successful attack.
When Internet providers hire third-party companies to serve up advertisements on unused Web pages, that creative attempt to make money can open major security vulnerabilities they can't control, a researcher has found.
One such vulnerability -- described last weekend at a security conference by Dan Kaminsky, director of penetration testing for Seattle-based computer security consultant IOActive Inc. -- works like this: