Internet security breach tackled

Computer experts have released software to tackle a major security glitch in the internet addressing system.

The flaw, discovered by accident, would allow criminals to redirect users to fake webpages, even if they typed the correct address into a browser.

The question is, would Comodo Verification Engine have helped here, “disabled” this bug, so to speak?

Greetings!

The patch for it was released yesterday by Microsoft.
And I guess VE would’ve got it. I don’t know how VE works, but I think it checks if the IP-address of the website matches the URL.
So for example, if legit.com has the IP-address 81.211.0.1, and you’d become a victim, the URL would show legit.com, though the actual address is malicious.com. But the IP-address would be something else, like 72.191.27.31, so VE should know that legit.com=81.211.0.1 and not 72.191.27.31.
It wouldn’t be possible to spoof the IP-address, as you’ll need to receive ‘answers’ from the remote host.

Cheers,
Ragwing

I noticed the patch was out shortly after posting here.

Good to know VE users would not have been vulnerable. Except of course if they use Firefox 3. :smiley:

Thanks for your reply.

I think it depends if the Authoritative server for the domain is poisoned or not.
Or if I could poison the cached answer from the provider’s DNS for a specific domain.

I don’t know the VE but my guess is that it uses Comodo’s DNS Servers to “check” the locally resolved address.
But if the Comodo server gets the “fake” answer from the Authoritative server then it won’t alert.
If only your provider is poisoned then it will.

And reading the security items on this issue, it looks like both the DNS servers (Windows/BIND) and the (Windows/Others) DNS Client (cache poison) are vulnerable.

Here’s an update on what is “wrong”:
http://isc.dshield.org/diary.html?storyid=4687

Wonder if you were talking about KB951748.

Was surprised that it in itself caused a furor, by causing a DNS disconnect from the Internet.

UncleDoug