E-CommerceALERT.com is part of the Bennett Gold LLP web site network.

Research and retrieval of news articles by:
Bennett Gold LLP, Chartered Professional Accountants

Effective December 31 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering notable e-commerce news articles from the period 1999 to 2012.


Source: MarketWatch

Posted on July 15, 2008

By John C. Dvorak

      Earlier this week it was revealed that a process called DNS poisoning could allow hackers to completely take over the entire Internet without users knowing it. This would put all your online data and even the routing of your email at grave risk.

      The good news is that a fix for the flaw has been made. The bad news is the experts say that the fix only makes it harder, not impossible, for hackers to exploit the flaw.

      Some explanations for the technically inclined out there can be found online. But I will try and summarize.

      The entire Internet is based on IP addresses, which take the form of a series of numbers and dots such as (the typical private IP address of the wireless router on your network). Anyway, every Web site and user has one of these numbers associated with them.

      Generally speaking, though, we only see our associations with domain names. An email might be dvorak@marketwatch.com. Or a Web page might be http://www.marketwatch.com.

      To deliver to the mailbox or to display the Web page, the actual IP address must be discovered and that is done by requesting the server address from the so-called Domain Name System, or DNS. Here the Marketwatch.com name is listed in the database and associated with an IP address.

      The overall DNS is complex but quite reliable if everyone plays fair. Hackers have attempted to attack it over the years as a gag.

      This new vulnerability, though, could be exploited to an extreme. To simplify, the information within the structure gets purposely tainted - poisoned, if you will - and allowed to be tricked into propagating in such a way that if someone requests the IP number for Marketwatch.com they get the wrong information back.

      Once this is in place all sorts of things could happen, including the funneling of all the user data and internal email to some site in, say, Russia, where it could be collected and stored. The users would never know what happened.

      The implications for cloud computing and e-commerce must be considered by investors everywhere. We are approaching the 40th anniversary of the Internet, which began in 1969 as Arpanet, and we are still finding unusual flaws like this one.

      From the beginning, I have said that the Internet is a public network that will have never-ending security issues that demand user caution. This means end-to-end encryption and constant backups for users who want to rely on it for business applications.

      And yes, I am old school and prefer to run important applications on one of the local machines I have at home or in the office, rather than online. But even when you think in terms of good security practices, there is always the possibility of some sort of futuristic attack on the DNS servers that will cripple the Net for hours, days or possibly months.

      What would you do if that happened? What would your company do?

      I was in my local wine store recently when the Internet connection went down for an hour, requiring everyone to write orders by hand. They were lucky: Once I was in a store where the Internet went down and they had to close the store.

      But this DNS issue is more frightening than an outage. This could be a hijacking situation.

      While there is always fraud and theft going on within the structure of the Internet, there has yet to be the Great Net Robbery, where perhaps billions of dollars are stolen electronically somehow.

      I can assure you that day is coming.


E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.
