Last week, Security Fix examined new research suggesting that some major Internet service providers are exposing their customers to security flaws when they redirect wayward Web surfers to ad-filled pages. I’m revisiting this controversial practice because another major provider of these services (for one of the nation’s largest ISPs) was found to be similarly vulnerable. As noted here last week, Earthlink and a few other ISPs are using a service from a U.K. company called BareFruit, which helps ISPs redirect users to ad-filled pages when they either request a Web site that does not exist or when they mistype a real domain, e.g., ww.example.com (notice the missing “w”). Researcher Dan Kaminsky found that BareFruit’s servers contained a security flaw that would have made it easy for hackers and scammers to trick the ISP’s customers into visiting phishing sites or downloading malicious software. Kaminsky presented evidence that Verizon was among […]
Search
Translation
Recent Posts
Categories
Monthly Archives
- August 2008 (43)
- July 2008 (60)
- June 2008 (51)
- May 2008 (57)
- April 2008 (82)
- March 2008 (60)
- February 2008 (46)
- January 2008 (41)
- December 2007 (20)
- November 2007 (37)
- October 2007 (36)
- September 2007 (27)
- August 2007 (39)
- July 2007 (34)
- June 2007 (77)
- May 2007 (142)
- April 2007 (722)
- March 2007 (2124)
- February 2007 (612)