14.10.2008

FICORA's CERT-FI information security review 3/2008: Reliability of internet services menaced by DNS vulnerability

CERT-FI issued the year's first alert during the third quarter of this year. The alert concerned a vulnerability in the internet domain name service (DNS), which allowed the misdirection of a user or direction of e-mail to a false address.

The vulnerability received major publicity on information security forums. The most significant Finnish name servers were soon upgraded to safer versions, which is why the exploitation of the vulnerability remained limited. CERT-FI checked the situation regarding the name servers of fi-domain names and warned their maintainers of the vulnerability.

Vulnerabilities found in web browsers were exploited for unauthorized modification of website content during this reference period, too. The objective of loading malicious content into hacked websites can, for example, be to spread malware. Only a minor part of the hacked servers reported to CERT-FI were located in Finland.

During the third quarter, CERT-FI not only issued its first alert of the year, but also 39 alerts on vulnerabilities and 22 Information security now! articles.

This information is presented in the information security review for the third quarter of 2008 released by FICORA's CERT-FI unit responsible for solving information security incidents. The review looks at the most significant threats to information security, such as malware and their effects in Finland as well as development trends in and future prospects of data break-ins and vulnerabilities. The objective of the review is to support companies and organisations in their attempts to improve the management of information security risks.

The CERT-FI information security review 3/2008 is available in Finnish on the FICORA website at www.ficora.fi. The review will be published later also in Swedish and English.

Further information:
Ari Husa, Information Security Adviser, tel. +358 40 722 3130