Internet Flaw Puts Huge Numbers of People at Risk of Fraud
What if you called up a telephone company’s directory assistance service and got a wrong number for a major bank? And, worse yet, the wrong number was for a fraud scheme that pretended it was that major bank, extracting information from callers so that it could steal from them?
That situation doesn’t exist. But a similar problem does exist on the Internet because of a significant design flaw that it is becoming widely known and could result in untold numbers of people being defrauded as a result of being directed to illicit websites, the New York Times reports.
“The potential consequences of the flaw are chilling. It could allow a criminal to redirect web traffic secretly, so that a person typing a bank’s actual web address would be sent to a fake site set up to steal the user’s name and password. The web user would have no clue about the misdirection,” the newspaper writes.
As those in charge of the world’s Internet service providers and websites race to try to fix the flaw, experts advise those with technical abilities to change their computer network preferences settings to use the www.opendns.com service, which is based in San Francisco.
Meanwhile, a minority of computer systems are already protected from the flaw, and, for those that aren’t, chances are that users won’t actually be defrauded, one expert points out.
“If there is a flaw in your car, it will get fixed eventually,” says Bruce Schneier, British Telecom’s chief security officer. In the meantime, “most people keep driving.”
