PITTSBURGH — Security experts warned Monday of a new software vulnerability that could allow vandals to disrupt portions of the Internet by redirecting Web and e-mail traffic.

        The CERT Coordination Center, the government-funded computer emergency response team at Carnegie Mellon University, said the vulnerability was in BIND software, a key part of computers that direct traffic on the Net.

        The flaw was discovered earlier this month, and a fix was made available Jan. 17 by BIND's creator, the nonprofit Internet Software Consortium of Redwood City, Calif. CERT advised BIND users Monday to in stall the fix quickly.

        BIND is used in computers, known as domain name servers, that function as the Internet's phone books. Typing in a domain name such as Yahoo.com prompts a server to contact Yahoo's computers.

        If left uncorrected, the flaw could allow an intruder to change those directories.

        “Your e-mail could be routed to the wrong place,” said Shawn Hernan, a CERT security analyst. “Web addresses could be routed to the wrong place. You could type in www.myfavorite-place.com and be directed to a porn site, or worse, something that looks a lot like the site you expect to find.”

        BIND, or Berkeley Inter net Name Domain, is used on about 90 percent of domain name servers in the United States, said Jeff Carpenter, the center's manager.

        “BIND is a favorite target of intruders,” Mr. Hernan said, “and they will develop ways to exploit this quickly — in a matter of days or weeks.”

        Bill Pollak, a CERT spokesman, said the center knew of no hacking through the most recently identified weakness.

        There are tens of thousands of domain name servers around the world. Each one may serve 10,000 to 20,000 Internet users, so only portions of the Internet would be affected by a single attack.

        The Internet also has 13 master directories, called root servers, which tell domain name servers where to get updated information. Those computers, located in the United States, Tokyo, Stockholm and London, also use BIND software, said Brian O'Shaughnessy, a spokesman for VeriSign Inc., which runs some of the root servers for the U.S. government.

        In an extreme case, hackers could change settings at those root servers and redirect all dot-com traffic.

        Without BIND, Internet users would have to remember lengthy strings of numbers to surf the Web or send e-mail.

        Just last week, a technician's error and a hacking attack involving Microsoft's servers cut off the company's sites to the world for portions of four days. CERT officials do not think those problems are related to the latest BIND weakness, but Mr. Hernan said they demonstrate the importance of the name servers.

        Mr. Hernan said managers of high-security sites, such as those in the military, already have fixed the problem.

P&G earnings beat expectations
Fed expected to cut rates again
Flaw found in key Internet software
Napster could charge fee by summer
Col. Sanders' recipe found, but not THE famous recipe
Chrysler could find lessons in Iacocca's crisis management
Ohio's slowing economy reflected in budget
Tristate earnings reports
Tristate Summary
Industry notes: Banking
What's the Buzz?