News & Current Affairs

August 20, 2008

eBay insect fossil is new species

eBay insect fossil is new species

Aphid fossil (Richard Harrington)

The fossil was bought for just £20

A scientist who bought a fossilized insect on the web auction site eBay for £20 has discovered that it belongs to a previously unknown species of aphid.

Dr Richard Harrington, vice-president of the UK’s Royal Entomological Society, bought the fossil from an individual in Lithuania.

He then sent it off to an aphid expert in Denmark, who confirmed the insect was a new species, now extinct.

The bug has been named Mindarus harringtoni after the scientist.

I had thought it would be rather nice to call it Mindarus ebayi
Dr Richard Harrington, Rothamsted

“I was interested to see what it was because I’ve worked with a team of people involved in monitoring and forecasting aphids, those of greenfly and their relatives in this country,” Dr Harrington told.

“I looked at it with my team and we thought we could identify it down to the level of genus, but we had no idea what the species was.”

Dr Harrington sent the specimen to Professor Ole Heie, a fossil aphid expert in Denmark.

“He discovered that it was something that hadn’t been described before,” Dr Harrington explained.

The insect itself is 3-4mm long and is encased in a 40-50 million-year-old piece of amber about the size of a small pill.

“I had thought it would be rather nice to call it Mindarus ebayi,” said Dr Harrington.

“Unfortunately using flippant names to describe new species is rather frowned upon these days.”

Instead, Professor Heie named the new species after Dr Harrington.

“It’s not uncommon to find insects in amber… but I’m not sure that one has turned up on eBay that has been undiscovered before. It’s a rather unusual route to come by [a new species],” the researcher, based at Rothamsted Research in Hertfordshire, explained.

He said the insect would have fed on a tree called Pinetes succinifer which is itself now long since extinct.

August 7, 2008

Net address bug worse than feared

Net address bug worse than feared

Courtesy BBC

Computer keyboard, BBC

Attackers could use the loophole to redirect web users to fake sites

A recently found flaw in the internet’s addressing system is worse than first feared, says the man who found it.

Dan Kaminsky made his comments when speaking publicly for the first time about his discovery at the Black Hat conference in Las Vegas.

He said fixes for the flaw in the net’s Domain Name System (DNS) had focused on web browsers but it could be abused by hackers in many other ways.

“Every network is at risk,” he said. “That’s what this flaw has shown.”

The DNS acts as the internet’s address books and helps computers translate the website names people prefer (such as bbc.co.uk) into the numbers computers use (212.58.224.131).

Mr Kaminsky discovered a way for malicious hackers to hijack DNS and re-direct people to fake pages even if they typed in the correct address for a website.

In his talk Mr Kaminsky detailed 15 other ways for the flaw to be exploited.

Via the flaw hi-tech criminals or pranksters could target FTP services, mail servers, spam filters, Telnet and the Secure Socket Layer (SSL) that helps to make web-based transactions more secure.

“There are a ton of different paths that lead to doom,” he said.

‘Hype’

But the DNS threat was played down by net giant VeriSign which issues many of the security certificates used in SSL. It told BBC News its system was “not vulnerable”.

The Silicon Valley company looks after two of the net’s 13 DNS root servers. It also controls the computers that contain the master list of domain name suffixes such as .com and .net

Ken Silva, CTO VeriSign

“If there is a silver lining in all of this, it’s that users will become more aware and more consious of who they do business with.”

Ken Silva, chief technology officer at Verisign, said: “We have anticipated these flaws in DNS for many years and we have basically engineered around them.”

He believed there had been “some hype” around how the DNS flaw will affect consumers. He added that while it was an interesting way to exploit DNS on weak servers, there were other ways to misdirect people that remained.

Mr Silva said he was concerned that people would read too much into the doom and gloom headlines that have surrounded the discovery of the DNS flaw.

“It’s been overplayed in a sense. I think it has served to confuse the consumer into believing there is somehow now a way to misdirect them to a wrong site.

“The fact of the matter is that there have been many ways like phishing attacks to misdirect them for a long time and this is just yet another of those ways that will be surgically exploited.”

Security gap

Mr Kaminsky kept news of the flaw out of the public domain for months after its discovery to give companies time to patch servers.

Mr Kaminsky said that 75% of Fortune 500 companies have fixed the problem while around 15% have done nothing.

Major vendors like Microsoft, Cisco, Sun Microsystems and others have issued patches to close the security hole.

“The industry has rallied like we’ve never seen the industry rally before,” said Mr Kaminsky.

Student using laptop, BBC

Computer users need to be educated to surf the superhighway more safely

DNS attacks are not new but Mr Kaminsky is credited with discovering a way to link some widely known weaknesses in the system so that the attack now takes seconds instead of days or hours.

“Quite frankly, all the pieces of this have been staring us in the face for decades,” said Paul Vixie, president of the Internet Systems Consortium, a non-profit that makes the software run by many of the world’s DNS servers.

Mr Silva at VeriSign said even though patches have been put in place, this doesn’t mean users can sit back and relax.

“The biggest gap in security rests between the keyboard and the back of the chair,” he said.

“The look and feel of a website is not what a consumer should trust. They should trust the security behind that website and do simple things like use more secure passwords and change their password regularly.”

Mr Silva said education is fundamental in making the net a safer place.

“We have been trained since we were young to lock the door to our house, our car. We take these sensible security measures in the environment we are functioning in.

“Yet when it comes to computer safety we forget to look both ways before crossing the internet highway.”

Blog at WordPress.com.