Announcement

Collapse
No announcement yet.

Experts Race to Fix Serious Internet Flaw

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Experts Race to Fix Serious Internet Flaw


    By Brian Krebs, washingtonpost.com Staff Writer

    Computer security experts in the United States and Britain today confirmed that a new method has been identified that could make it easy for hackers to disrupt Internet communications worldwide, prompting a months-long, quiet effort to convince Internet service providers and other operators of the global telecommunications system to upgrade their systems.


    The U.S. Department of Homeland Security issued an alert Tuesday afternoon warning that the vulnerability could be used to "affect a large segment of the Internet community."

    The exploit, identified by 36-year-old Milwaukee security researcher Paul Watson, could give hackers the ability to crash Internet routers -- the complex machines that direct most of the world's Web traffic.

    The method that Watson identified takes advantage of an inherent design flaw in transmission control protocol (TCP) -- the language that all computers use to communicate on the Internet -- that could place ordinary computers at greater risk of attack.

    Watson, who is scheduled to present his findings at a security conference in Canada later this week, could not be immediately reached for comment. A notice on the conference's Web site and Watson's own site, www.terrorist.net, indicates that he still plans to share the full details of his research.

    Specific details about the vulnerability were published for the first time today by British security officials who said a successful attack using the flaw could significantly disrupt online communications.

    "The exploitation of this vulnerability could have affected the glue that holds the Internet together," said Roger Cumming, director of the National Infrastructure Security and Coordination Center in the United Kingdom. "Fixing it is a small but significant step to aid the overall stability of the Internet."

    The NISCC and its peers in the United States, Canada and Australia have been working with Cisco Systems Inc., Juniper Networks Inc., and all of the major Internet router manufacturers to address the problem, NISCC officials said.

    Rob Sturgeon, vice president of customer service for Juniper Networks, said the company began working with the NISCC in December and released a patch several weeks ago to protect its customers. Juniper is not aware of anyone exploiting the flaw, he said.

    A Cisco spokesman declined to comment on the situation. Spokespeople for two major Internet backbone operators, AT&T and MCI's UUNet division, also declined to comment.

    Amit Yoran, director of the cybersecurity division for the U.S. Department of Homeland Security, conceded the seriousness of the problem but said most of the world's major Internet service providers had already taken steps to prevent the attack.

    "It's important to note that this is a significant discovery, but it's also important to provide a fair degree of assurance that the sky is not falling," Yoran said.

    Security experts disagreed over how easily hackers could take advantage of the vulnerability. The problem might be much worse, they said, if Watson follows through on his plans to publish explicit instructions on how to exploit the flaw in his research.

    Security experts have known for years about the basic vulnerability that Watson identified, which theoretically could allow attackers to shut down Internet routers remotely by tricking them into resetting themselves. The challenge has always been that attackers must successfully guess several specific sets of information about the intended targets, a process that many thought would take even powerful computers several years to complete.

    According to Marcus Sachs, director of the SANS Internet Storm Center and a former top White House security official, Watson appears to have discovered a way to dramatically shorten the time it takes to guess that information to just a few minutes.

    But Michael Sutton, director of Reston, Va.-based security company iDefense Labs, said such an attack still would be very difficult to execute, even employing tools based on Watson's research.

    "This guy has certainly lessened the difficulty, but it looks like this would still be pretty tough to do," Sutton said. "What's he done is take this from a theoretical problem to one that's practical but difficult."



    Sachs said the concern generated by the vulnerability is reminiscent of what happened two years ago in the wake of the discovery of a serious security flaw in the ubiquitous "simple network management protocol," a low-level communications language used by all machines that connect to the Internet.

    At the time, the problem was thought to be so serious that the nation's top computer security officials were called in to the White House to brief President Bush (news - web sites) on the problem.

    "Many of us thought the end of the Internet was near. We thought for sure it would be simple for attackers to put two and two together and cause widespread Internet instability with SNMP," Sachs said. "We all held our breath for a while, but nothing happened. So, it's really hard to predict whether we'll see the same thing happen here."

  • #2
    Could this explain why I can't get to the sportlounge from work anymore.

    If any experts have any ideas please let me know. I get
    Unable to find server error when trying to get to the sportlounge, this
    just started this week. I can get to any other web sites no problem.
    Thanks in advance.

    Comment


    • #3
      That explains why this spyware and all these porndialers keep popping up on my system.
      Official Lounge Sponsor of lasvegasreb and his shoes.

      Comment


      • #4
        Rusty

        what happens when you open a prompt window and type:

        ping 66.98.222.15

        Comment


        • #5
          Originally posted by pgrote@Apr 21 2004, 01:12 PM
          Rusty

          what happens when you open a prompt window and type:

          ping 66.98.222.15
          it says "pong"


          Intarweb are funny.

          Comment


          • #6
            Originally posted by pgrote@Apr 21 2004, 02:12 PM
            Rusty

            what happens when you open a prompt window and type:

            ping 66.98.222.15
            I will try that when I get back to work.

            Comment


            • #7
              Yooo got to do the filez shairing NOW!
              Are you on the list?

              Comment


              • #8
                Originally posted by SLUBLUE@Apr 21 2004, 03:28 PM
                Yooo got to do the filez shairing NOW!
                wHot eez da filez shairings? R U Hott?
                If you believe in something sacrifice a hobo to it or don't bother.

                Comment


                • #9
                  Quick! Someone call Al Gore, he'll know how to fix it!

                  Comment


                  • #10
                    Originally posted by Turd Ferguson+Apr 21 2004, 02:30 PM-->
                    QUOTE (Turd Ferguson @ Apr 21 2004, 02:30 PM)
                    Working...
                    X