Are you safe?

[wildnblu]

Major Internet security flaw also affects e-mail
Opening allows criminals to intercept e-mails and redirect messages


LAS VEGAS - A newly discovered flaw in the Internet's core infrastructure not only permits hackers to force people to visit Web sites they didn't want to, it also allows them to intercept e-mail messages, the researcher who discovered the bug said Wednesday.

Considering the silent nature of the attack and the sensitive nature of a lot of electronic correspondence, the potential for damage from this second security flaw is high. But there's no evidence yet that this method of targeting e-mail has been used in a successful attack.

Dan Kaminsky of Seattle-based security consultant IOActive Inc. exposed a giant vulnerability in the Internet's design that, in one case, allowed hackers to reroute some computer users in Texas to a fake Google.com site loaded with automated advertisement-clicking programs, a scam to generate profits for the hackers from those clicks.

The flaw wasn't in the site itself, it was in the back-end machines responsible for guiding computers to that site.

The vulnerability Kaminsky found is especially insidious because it allows criminals to tamper with machines whose reliability and trustworthiness is critical for the Internet to function properly.

Kaminsky, who spoke Wednesday at the Black Hat hacker conference in Las Vegas, has given few details publicly about the vulnerability he found in the Domain Name System (DNS), a network of servers used to connect computers to Web sites.

He remained tightlipped so that Internet providers would have time to fix their machines. Many have done that, but others have delayed, leaving some people at risk.

Major vendors like Microsoft Corp., Cisco Systems Inc., Sun Microsystems Inc. and others have issued patches — software tweaks that cover the security hole and prevent affected machines from ingesting the bogus information hackers are trying to feed them.

"The industry has rallied like we've never seen the industry rally before," Kaminsky said.

Kaminsky's talk Wednesday at the conference was packed, with people sitting on the floor of the main speaker's hall and overflowing out the back doors. His presentation instantly became one of the Black Hat conference's most anticipated after he announced July 8 that he'd found a major weakness in DNS, a critical part of the Internet's plumbing.

While some details leaked out early — security researchers accurately guessed parts of Kaminsky's discovery — he was able to keep a few juicy bits secret until the talk.

One of those was the susceptibility of many e-mail servers to the DNS vulnerability, an opening that gives criminals a way to plant themselves in the middle of the transmission from the sender to the recipient and redirect messages to their own servers, Kaminsky said.

The result: criminals have a way not only to comb through the contents of those messages, but also to gain access to other password-protected Web sites the victims belong to.

That's because most sites have a feature that allows members to retrieve their passwords by e-mail if they've forgotten them. If a criminal has access to the account where that message is sent, he can then begin snooping on the contents of that account, from e-mail, to banking, to retailer sites.

The thrust of the DNS flaw is that it allows hackers to attach bad information to packets flowing in and out of DNS servers so they change the directions they give to certain Web sites.

It's the equivalent of turning around a street sign to send drivers down the wrong street.

So someone who innocently types in the address of a legitimate Web site can be strong-armed instead into going to a malicious site under the criminal's control. Because the attack happens at the network level, and the browser believes it's visiting the legitimate site, the attack is nearly impossible for users to detect.
Many e-mail servers are vulnerable because they also handle DNS traffic, Kaminsky said. Even if they only handle internal inquiries, if they interact with external DNS servers, that's often enough to expose them to attack.

Hackers are thus able to manipulate the packets associated with e-mail traffic the same way they manipulate the packets associated with general Web traffic.

[Money2themax]

yeah i have tips for that
1. if you don't know the website don't give them your email or do like i do and have a dummy account for that
2. if it looks shady don't go on it
3. keep your pc up to date [that's true with EVERY OS]
4. don't download screensavers and other junk from popups [ever] and websites that look shady
5. google will not keep you safe all it does is search meta tags for key words it doesn't know the difference between a shady site and a clean site
6. when your buying things online get a "gift card" from your local grocery store and use that. they work i know i've used one before.
7. if you do buy online and you can't use/get a "gift card" only buy things from these sites or ones that are like them [owned by a major cooperation]
Microsoft
Apple
Amazon
Ebay? [double check that one for me somebody]
Last.fm
Sun Microsystems
Walmart
Dell
HP
ect
i'm sure you get the picture
if you have and questions just post them on this thread