
Effects of Domain Hijacking Can Linger


Dave_Z

For the benefit of the not-so-informed:

http://www.eweek.com/article2/0,1895,1923546,00.asp

Malicious hackers who are able to hijack an organization's Web domain may be able to steal traffic from the legitimate Web site long after the domain has been restored to its owner, according to a recent report.

Design flaws in the way Web browsers and proxy servers store data about Web sites allow malicious hackers to continue directing Web surfers to malicious Web pages for days or even months after the initial domain hijacking.

The persistent attack could lead to information or identity theft, according to Amit Klein, a Web application security researcher with the Web Application Security Consortium.

The problem, which Klein termed "domain contamination," exists because of features in Web proxy servers, which store versions of Web pages, and Web "clients," or browsers, including Microsoft's Internet Explorer, the Mozilla Foundation's Firefox and the Opera browser.

Proxy servers and browsers both establish trust relationships with Web servers that are identified as the authoritative host for a Web page in the DNS (domain name system), Klein said.

"Once a client believes it is communicating with the legitimate server for some domain, there's an implicit trust that's placed in that server that is not revoked," Klein told eWEEK.

For example, Web browsers store information on the Web server in Web cookies and cached Web pages that are stored locally. Once that information is downloaded and stored on the client, it can be very difficult to get rid of them, Klein said.

"There's just no way to sterilize the view or reflection of a Web site on the Internet," he said.
 
The views expressed on this page by users and staff are their own, not those of NamePros.
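The cached pages and cookies the article mentions each carry a lifetime in the response headers, which lets a site owner estimate how long stale copies may outlive the incident. The following is an added example, not part of the original post or the eWEEK article: it reads the headers of one captured response and returns how long a browser cache, a proxy cache and the cookie jar may keep it. The sample headers and all function names are constructed for illustration.

```python
from email.utils import parsedate_to_datetime

# Constructed sample: headers of one response captured while the domain
# resolved to the wrong server. Every value here is made up.
SAMPLE = {
    "Date": "Mon, 06 Feb 2006 10:00:00 GMT",
    "Cache-Control": "public, max-age=31536000",
    "Expires": "Tue, 07 Feb 2006 10:00:00 GMT",
    "Set-Cookie": "sid=abc123; Expires=Sat, 06 May 2006 10:00:00 GMT; Path=/",
}

def _directives(value, sep):
    """Parse 'a=1<sep> b' into {'a': '1', 'b': ''} with lowercase names."""
    out = {}
    for part in value.split(sep):
        name, _, val = part.strip().partition("=")
        if name:
            out[name.lower()] = val.strip('"')
    return out

def _seconds_between(start, end):
    delta = parsedate_to_datetime(end) - parsedate_to_datetime(start)
    return max(0, int(delta.total_seconds()))

def cache_lifetime(headers, shared=False):
    """Seconds a browser (or, with shared=True, a proxy) may reuse the
    response without revalidating. None: no explicit lifetime was sent."""
    cc = _directives(headers.get("Cache-Control", ""), ",")
    if "no-store" in cc or "no-cache" in cc or (shared and "private" in cc):
        return 0
    for key in (["s-maxage"] if shared else []) + ["max-age"]:
        if cc.get(key, "").isdigit():  # max-age takes precedence over Expires
            return int(cc[key])
    if "Expires" in headers and "Date" in headers:
        return _seconds_between(headers["Date"], headers["Expires"])
    return None

def cookie_lifetime(headers):
    """Seconds the cookie persists. None: session cookie or no cookie set."""
    attrs = _directives(headers.get("Set-Cookie", "").partition(";")[2], ";")
    if attrs.get("max-age", "").isdigit():  # Max-Age takes precedence
        return int(attrs["max-age"])
    if "expires" in attrs and "Date" in headers:
        return _seconds_between(headers["Date"], attrs["expires"])
    return None

if __name__ == "__main__":
    for label, secs in [("browser cache", cache_lifetime(SAMPLE)),
                        ("proxy cache", cache_lifetime(SAMPLE, shared=True)),
                        ("cookie", cookie_lifetime(SAMPLE))]:
        print(f"{label}: {secs / 86400:.0f} days")
```

A result of `None` from `cache_lifetime` means the cache falls back to its own heuristic, so the retention period cannot be read from the headers alone.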
Use Windows Washer from Webroot to always clean your cache and cookies after each Internet session
 
Use Windows Washer from Webroot to always clean your cache and cookies after each Internet session

good idea
:)
 
All good and well if you are the browser visiting a hijacked site, but what if you are the webmaster? If they are not coming to your site, how can you tell them to do such things?
 