Internet security researchers warned that hackers have caught on to a “critical” flaw that lets them control traffic on the internet.
An elite squad of computer industry engineers that labored in secret to solve the problem released a software “patch” two weeks ago and sought to keep details of the vulnerability hidden for at least a month to give people time to protect computers from attacks.
“We are in a lot of trouble,” said IOActive security specialist Dan Kaminsky, who stumbled upon the Domain Name System (DNS) vulnerability about six months ago and reached out to industry giants to collaborate on a solution.
“This attack is very good. This attack is being weaponised out in the field. Everyone needs to patch, please. This is a big deal.”
DNS is used by every computer that links to the internet and works similar to a telephone system routing calls to proper numbers, in this case the online numerical addresses of websites.
The vulnerability allows “cache poisoning” attacks that tinker with data stored in computer memory caches that relay internet traffic to destinations.
Attackers could use the vulnerability to route users wherever they want, no matter what address is typed into a web browser.
As a backup measure I’ve exported this blog into becrux.wordpress.com just in case the becrux.net DNS addresses have been mischievously changed in a way that I have no control of.