Are ISPs Profiting at the Expense of Your Security? - The Security Threat Still Exists
(Page 3 of 4)
You’re probably still thinking that everything is secure, but that is not necessarily so. The security of the whole arrangement rests on Barefruit’s servers, and unfortunately these servers weren’t that secure, primarily because Barefruit neglected to apply vital web programming methods. As a result, the servers were exposed and susceptible to malicious JavaScript attacks. Subscribers to both Earthlink and Comcast were also vulnerable.
Both hackers and phishers could have had a field day, spreading all kinds of attacks, including grabbing cookies or creating unique links to non-existent sub-domains that belong to genuine websites. Another attack that hackers could have created was to send spam e-mail messages to Earthlink and Comcast’s subscribers. The e-mail message could include a link to a web page for money.paypal.com. You, still thinking it is PayPal, click on the link and go to the website. But it’s actually the hacker’s website. You enter your username and password. The hacker intercepts and steals your personal information.
Dan Kaminsky, a security researcher at IOActive, detected this security gap. He communicated this to both Earthlink and Barefruit. Kaminsky immediately and quietly solved this problem. However, Kaminsky warns that the danger still exists. That’s because ISPs continue to interject their non-existent sub-domains into legitimate domains. Also, the domain owners are essentially dependent on Barefruit’s ad servers, which, again, were not completely secure at first. Barefruit, however, has since corrected its JavaScript problems.
To prove there is still an underlying threat, however, Kaminsky performed a demonstration. Kaminsky discovered how to place a YouTube video of Rick Astley, a popular 80s singer, into the domains of both PayPal and Facebook. What Kaminsky wanted to show was how a black hat hacker (a hacker with malicious or criminal intent) could implant a Trojan horse that steals users’ passwords. The hacker can do several things, including posing as a logged-in user, sending out e-mail messages, or adding people to the user’s Facebook account.
As previously stated, ISPs continue to interject their content into web pages. It seems to be a widespread business practice. For example, Network Solutions, which is one of the largest and best-known domain name registrars, was exposed for interjecting links of non-existent sub-domains into websites that customers owned. Network Solutions wasn’t the only one implementing this controversial practice; other popular ISPs, including Verizon, Time Warner, Qwest, and Comcast, are doing it as well.
Because these large ISPs see this policy as a moneymaker, Kaminsky believes that they’re not as focused on the security threat. As a result, every website on the Internet is exposed to this threat and the owners have no control over it. Kaminsky has communicated with Internet companies about this potential security hole. Needless to say, they are not happy about it.
Kaminsky also mentioned that this policy can infringe upon Net Neutrality rights. Others have also criticized this policy. Paul Vixie, president of the nonprofit Internet Systems Consortium, believes that if users go to a website that does not exist, they should see an error message.
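Whether a given connection returns that error message, or an invented answer instead, can be checked from any machine. The following is an added example, not part of the original article: it asks the system resolver for random sub-domains that cannot exist and reports whether addresses come back anyway. It assumes the parent domain (example.com by default) has no wildcard record; the function names and result fields are illustrative.

```python
import secrets
import socket


def system_resolve(name):
    """Addresses the system resolver returns for name; empty set on any lookup error."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return set()  # the expected outcome for a name that does not exist
    return {info[4][0] for info in infos}


def check_nxdomain_rewriting(parent="example.com", probes=3, resolve=system_resolve):
    """Probe random, non-existent sub-domains of parent and classify the resolver.

    status is "inconclusive" when even the parent fails to resolve (no network,
    so an empty answer proves nothing), "rewritten" when any made-up name got an
    address, and "clean" when every made-up name failed as it should.
    """
    if not resolve(parent):
        return {"status": "inconclusive", "answered": {}, "addresses": []}

    answered = {}
    for _ in range(probes):
        # 24 random hex characters: nobody has registered this label.
        name = f"{secrets.token_hex(12)}.{parent}"
        addrs = resolve(name)
        if addrs:
            answered[name] = sorted(addrs)

    # Rewriting resolvers usually send every bad name to the same few servers.
    addresses = sorted({a for addrs in answered.values() for a in addrs})
    return {
        "status": "rewritten" if answered else "clean",
        "answered": answered,
        "addresses": addresses,
    }


if __name__ == "__main__":
    print(check_nxdomain_rewriting())
```

A "rewritten" result lists the addresses that were substituted for the error, which is the server a browser would load the page from under the legitimate domain's name.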
More By Joe Eitel