EarthLink Server Setup Faulted for Security Risk

A vulnerability in servers used by EarthLink to handle mistyped Web page requests may have allowed attackers to launch undetectable phishing attacks against any Internet site, according to a noted Internet security researcher. The bug, which has been patched earlier, underscores a fundamental security risk in the way that some ISPs are attempting to generate advertising revenue from mistyped Web addresses, said Dan Kaminsky, director of penetration testing with IOActive, a security consulting firm.

  • Read the article: InfoWorld