ISPs' Error Page Ads Let Hackers Hijack Entire Web, Researcher Discloses

Security researcher Dan Kaminsky

(wired) -- Seeking to make money from mistyped website names, some of the U.S.'s largest ISPs are instead creating gaping security holes in the web's largest websites, including eBay, PayPal, Google and Yahoo.

The ISPs are making it possible for hackers to turn any website into a source of viruses, phishing attacks and other malware.

The massive vulnerability introduced by Earthlink and Comcast was quietly and quickly patched on Friday, after IOActive security researcher Dan Kaminsky reported the vulnerability to Earthlink and its technology partner, a British ad company called Barefruit. full story