Are ISPs Profiting at the Expense of Your Security? - The Security Threat Still Exists
(Page 3 of 4 )
Both hackers and phishers could have had a field day, spreading all kinds of attacks, including grabbing cookies or creating unique links to non-existent sub-domains that belong to genuine websites. Another attack that hackers could have created was to send spam e-mail messages to Earthlink and Comcastís subscribers. The e-mail message could include a link to a web page for money.paypal.com. You, still thinking it is PayPal, click on the link and go to the website. But itís actually the hackerís website. You enter your username and password. The hacker intercepts and steals your personal information.
To prove there is still an underlying threat, however, Kaminsky performed a demonstration. Kaminsky discovered how to place a YouTube video of Rick Astley, a popular 80s singer, into the domains of both PayPal and Facebook. What Kaminsky wanted to show was how a black hat hacker (a hacker with malicious or criminal intent) could implant a Trojan horse that steals usersí passwords. The hacker can do several things, including posing as a logged-in user, sending out e-mail messages, or adding people to the userís Facebook account.
As previously stated, ISPs continue to interject their content into web pages. It seems to be a widespread business practice. For example, Network Solutions, which is one of the largest and best-known domain name registrars, was exposed for interjecting links of non-existent sub-domains into websites that customers owned. Network Solutions wasnít the only one implementing this controversial practice, but other popular ISPs, including Verizon, Time Warner, Quest, and Comcast are doing it as well.
Because these large ISPs see this policy as a moneymaker, Kaminsky believes that theyíre not as focused on the security threat. As a result, every website on the Internet is exposed to this threat and the owners have no control over it. Kaminsky has communicated with Internet companies about this potential security hole. Needless to say, they are not happy about it.
Kaminsky also mentioned that this policy can infringe upon Net Neutrality rights. Others have also criticized this policy. Paul Vixie, president of the nonprofit Internet Systems Consortium, believes that if users go to the website that does not exist, they should see an error message.
More Web Hosting Articles Articles
More By Joe Eitel