IT experts scramble to fix Cisco flaw

Computer experts were left scrambling on Friday to fix a flaw in millions of devices that direct internet traffic after Cisco Systems said the flaw could hackers to attack websites and shut down portions of the internet.

    IT experts are racing to prevent hackers from exploiting a flaw in Cisco routers

    Cisco announced the flaw with the devices, known as routers on Thursday – resulting in a race between security experts to install a patch, and hackers trying to exploit the error.

    So far though, there have not been any reports of problems.

    Analysts said that due to Cisco’s large market share with routers, coordinated attacks could have left a devastating impact on the internet.

    By sending a special sequence of data, a malicious hacker could trick a Cisco router into believing it was full, causing it to crash.

    But Shawn Hernan, a security specialist in the government-funded CERT Coordination Centre at Carnegie-Mellon University, said most major Internet operators were upgrading.

    As of Friday, the flaw had not led to any service shutdown, he said.

    "We have seen evidence of attempts (to shut down routers) but no evidence of a successful attack," Hernan said.

    "But I will say that the death of the Internet is not imminent. The good news is that most if not all the service providers have been upgrading."

    Hernan said that the Cisco routers, which are essentially computers that direct traffic, could be shut down if an attacker knew about the vulnerability.

    Within a day of the advisories issued by Cisco and CERT, experts found "malicious code" circulating on the Internet that could be used by hackers to exploit the flaw.

    "This exploit allows an attacker to interrupt the normal operation of a vulnerable device," according to a CERT advisory. "We believe it is likely that intruders will begin using this or other exploits to cause service outages," Hernan added.

    Although the announcement provided information to hackers, Cisco and CERT were left with little options in order to get information out to the millions of website operators.

    Private security experts were concerned as well.

    Security firm TruSecure issued an advisory calling the problem "red hot."

    "The TruSecure research team has determined that this vulnerability presents a serious threat to its clients," TruSecure said.

    SOURCE: Agencies


    YOU MIGHT ALSO LIKE

    Double standards: 'Why aren't we all with Somalia?'

    Double standards: 'Why aren't we all with Somalia?'

    More than 300 people died in Somalia but some are asking why there was less news coverage and sympathy on social media.

    The life and death of Salman Rushdie, gentleman author

    The life and death of Salman Rushdie, gentleman author

    The man we call 'Salman Rushdie' today is not the brilliant author of the Satanic Verses, but a Picassoesque imposter.

    The Beirut Spy: Shula Cohen

    The Beirut Spy: Shula Cohen

    The story of Shula Cohen, aka The Pearl, who spied for the Israelis in Lebanon for 14 years.