ISP Error Opens Security Holes in Web
Those annoying DNS redirection services pose security risk
by KathrynV 10:53AM Sunday Apr 20 2008 Tipped by Dogfather
A money-generating trend that has cropped up in the last year is for ISPs to use DNS redirection services
to replace the old “page not found” error sites with sites full of advertising. This has been controversial in the past because it’s irksome to users who are running apps and tools that require a “clean” connection. But it turns out that the issue may be more than just annoying; recent reports
say that these pages cause vulnerabilities for the web in the form of security holes accessible by hackers.
The problem came to the attention of the media when it was revealed that Earthlink’s
DNS redirection (through a service called Barefruit) had a bug that “may have allowed attackers to launch undetectable phishing attacks against any Internet site”. That bug has now been fixed but the problem remains an area of concern
because so many different ISPs are using similar services.