Yesterday,[July 8] computer software and hardware industry leaders, including Cisco, Microsoft, and Sun Microsystems, coordinated the release of software updates to plug the security hole, which involves a fundamental design flaw in the domain name system.

...Dan Kaminsky, ... the discoverer of the vulnerability, said attackers could use the flaw to "poison" the DNS records of network providers. In such an attack scenario, when customers of a targeted ISP try to visit a banking Web site with their browser, their browsers might instead be silently redirected to a counterfeit bank site controlled by the attackers.

...But Kaminsky said the larger issue lies at the Internet service provider and corporate level, ... , even regular home users ... could still be vulnerable if their ISP hasn't yet addressed the problem.

"Design bugs are interesting in that they don't just constrain themselves to one implementation or company," Kaminsky said. "Because they're behaving as designed, the same bug will show up in vendor after vendor. So this affects not just Cisco and Microsoft, but everyone."