Da-Chief
04-20-2008, 10:00
http://i.dslr.net/urls/80/54480.gif (http://www.dslreports.com/shownews/ISP-Error-Opens-Security-Holes-in-Web-93723)
A money-generating trend that has cropped up in the last year is for ISPs to use DNS redirection services (http://www.dslreports.com/shownews/89282) to replace the old page not found error sites with sites full of advertising. This has been controversial in the past because it s irksome to users who are running apps and tools that require a clean connection. But it turns out that the issue may be more than just annoying; recent reports (http://blog.wired.com/27bstroke6/2008/04/isps-error-page.html) say that these pages cause vulnerabilities for the web in the form of security holes accessible by hackers.
The problem came to the attention of the media when it was revealed that Earthlink s (http://www.pcworld.com/businesscenter/article/144849/earthlink_redirect_service_poses_security_risk_exp ert_says.html) DNS redirection (through a service called Barefruit) had a bug that may have allowed attackers to launch undetectable phishing attacks against any Internet site . That bug has now been fixed but the problem remains an area of concern (http://blog.washingtonpost.com/securityfix/2008/04/when_monetizing_isp_traffic_go.html) because so many different ISPs are using similar services.
read comment(s) (http://www.dslreports.com/shownews/ISP-Error-Opens-Security-Holes-in-Web-93723)
More...
A money-generating trend that has cropped up in the last year is for ISPs to use DNS redirection services (http://www.dslreports.com/shownews/89282) to replace the old page not found error sites with sites full of advertising. This has been controversial in the past because it s irksome to users who are running apps and tools that require a clean connection. But it turns out that the issue may be more than just annoying; recent reports (http://blog.wired.com/27bstroke6/2008/04/isps-error-page.html) say that these pages cause vulnerabilities for the web in the form of security holes accessible by hackers.
The problem came to the attention of the media when it was revealed that Earthlink s (http://www.pcworld.com/businesscenter/article/144849/earthlink_redirect_service_poses_security_risk_exp ert_says.html) DNS redirection (through a service called Barefruit) had a bug that may have allowed attackers to launch undetectable phishing attacks against any Internet site . That bug has now been fixed but the problem remains an area of concern (http://blog.washingtonpost.com/securityfix/2008/04/when_monetizing_isp_traffic_go.html) because so many different ISPs are using similar services.
read comment(s) (http://www.dslreports.com/shownews/ISP-Error-Opens-Security-Holes-in-Web-93723)
More...