FURTHER DETAILS of a major flaw in the internet’s naming system, which can allow malicious hackers to attack, were revealed at the annual Black Hat security convention in Las Vegas this week.

Dan Kaminsky, the researcher who discovered the flaw in the internet’s domain name system (DNS), said the flaw was the most severe discovered in the last decade and could provide a freeway for criminal identity-theft gangs to exploit.

Most companies have fixes installed, he said. “We got lucky with this bug,” Kaminsky said, but other profound flaws are lurking that will be just as hard to resolve. “We have to have disaster-recovery planning. The 90-days-to-fix-it thing isn’t going to fly.”

In March, Kaminsky convened a group of top tech producers who worked furiously to co-ordinate the release of fixes for their customers in early July. It was about as long as he could give the companies before the vulnerability spread to hackers, he said.

DNS steers internet users who are seeking a website by title, such as Google.com, to a numerical address that computers use. Kaminsky showed on Wednesday how hackers could corrupt the DNS process, taking users to an imitation site that could install malicious programs. “DNS is the Achilles’ heel of the internet,” said Joris Evers, a spokesman for security company McAfee.

Kaminsky also demonstrated how the DNS flaw could be used to attack features that some professionals had believed were immune. The secure sockets layer, signified by “https://” at the beginning of a website address, could be circumvented, he said. – (LA Times service)