CNET también está disponible en español.

Ir a español

Don't show this again


Sites vulnerable to redirects

Network Solutions and CERT aim to protect the Net from a trick that invisibly redirects site visitors to another site.

    Network Solutions together with the CERT Coordination Center are hoping to protect the Internet from a vulnerability that could be used to redirect Netizens from their destinations.

    Last month AlterNIC founder Eugene Kashpureff rigged the domain name system so that anyone who tried to get to Network Solutions' site, InterNIC, would instead be sent to

    He has since publicly apologized for the move--after Network Solutions took him to court--and has worked with the company, telling officials just how he "hijacked" their domain name.

    Word went out across the Net that to avoid falling prey to the same kind of attack, network administrators needed to update a program that works with Domain Name Servers, called BIND, Berkeley Internet Name Daemon.

    While many updated BIND to version 8.1.1, a surprising number of administrators have yet to do so, and until they do they remain vulnerable, according to Network Solutions.

    "Our research indicates a vast majority of system administrators have not updated or patched BIND to avoid such attacks and their systems may be vulnerable, " stated Network Solutions' David Holtzman, senior vice president, engineering. "We believe it is in the best interests of the Internet community to be aware of the possible security problems associated with older versions of BIND and update to the most recent version now."

    CERT has issued an official advisory explaining how the update can be accomplished.