0 Members and 1 Guest are viewing this topic.
The flaw, discovered by accident, would allow criminals to redirect users to fake webpages, even if they typed the correct address into a browser.Internet giants such as Microsoft are now distributing the security patch.Security expert Dan Kaminsky said that the case was unprecedented, but added: "People should be concerned but they should not be panicking.""We have bought you as much time as possible to test and apply the patch," he said. "Something of this scale has not happened before."Mr Kaminsky discovered the error in the workings of the Domain Name System (DNS) about six months ago.DNS is used to convert web addresses written in words - such as www.bbc.com - into the numerical sequences used by computers to route internet traffic around the world.The flaw revolves around the way that the servers that translate words into numbers handle the requests they get.
Many users of the ZoneAlarm firewall have been floored by a fix to the net's addressing system.Those hit found they could not get online after installing a Microsoft patch to close a security loophole.
Firewall fixThe flaw in the net's Domain Name System (DNS) was discovered in March 2008 and since then many firms have been preparing patches and updates to ensure it cannot be exploited by hi-tech criminals.On Tuesday Microsoft released its patch for DNS as part of its regular security update cycle.However, many found that as soon as they applied the patch, known as KB951748, they could no longer go online.BBC News website reader Chris Rogers applied the Microsoft patch to his own and his wife's computer but discovered that afterwards neither machine could get at e-mail or the web. His anti-virus software could no longer update either."Basically, the [Microsoft] update had crippled both PCs," he told BBC News.The problems only affected those with machines running Windows XP or 2000.A spokesman for Microsoft said PC owners were not contacting it about any problems the update caused.Mr Rogers found restoring the PC's operating systems back to before the security update was installed, restored access to the net.He, and many others, traced the problem to a conflict with the ZoneAlarm firewall.As news of the problems spread, CheckPoint software, which owns ZoneAlarm, issued a statement about the problems.While it prepared a fix for the fix, Checkpoint advised users to uninstall the Microsoft security update or temporarily lower the firewall settings to "medium".Late on 9 July CheckPoint released an update to ZoneAlarm, version 7.0.483, that solved the conflict.
