IT experts scramble to fix Cisco flaw

Computer experts were left scrambling on Friday to fix a flaw in millions of devices that direct internet traffic after Cisco Systems said the flaw could hackers to attack websites and shut down portions of the internet.

    IT experts are racing to prevent hackers from exploiting a flaw in Cisco routers

    Cisco announced the flaw with the devices, known as routers on Thursday – resulting in a race between security experts to install a patch, and hackers trying to exploit the error.

    So far though, there have not been any reports of problems.

    Analysts said that due to Cisco’s large market share with routers, coordinated attacks could have left a devastating impact on the internet.

    By sending a special sequence of data, a malicious hacker could trick a Cisco router into believing it was full, causing it to crash.

    But Shawn Hernan, a security specialist in the government-funded CERT Coordination Centre at Carnegie-Mellon University, said most major Internet operators were upgrading.

    As of Friday, the flaw had not led to any service shutdown, he said.

    "We have seen evidence of attempts (to shut down routers) but no evidence of a successful attack," Hernan said.

    "But I will say that the death of the Internet is not imminent. The good news is that most if not all the service providers have been upgrading."

    Hernan said that the Cisco routers, which are essentially computers that direct traffic, could be shut down if an attacker knew about the vulnerability.

    Within a day of the advisories issued by Cisco and CERT, experts found "malicious code" circulating on the Internet that could be used by hackers to exploit the flaw.

    "This exploit allows an attacker to interrupt the normal operation of a vulnerable device," according to a CERT advisory. "We believe it is likely that intruders will begin using this or other exploits to cause service outages," Hernan added.

    Although the announcement provided information to hackers, Cisco and CERT were left with little options in order to get information out to the millions of website operators.

    Private security experts were concerned as well.

    Security firm TruSecure issued an advisory calling the problem "red hot."

    "The TruSecure research team has determined that this vulnerability presents a serious threat to its clients," TruSecure said.

    SOURCE: Agencies


    YOU MIGHT ALSO LIKE

    Can Muslim leaders alter Trump's Jerusalem decision?

    Can Muslim leaders alter Trump's Jerusalem decision?

    Turkish president calls Jerusalem a 'red line' as he hosts an Organisation of Islamic Cooperation summit in Istanbul.

    'Beaten' Palestinian boy in viral photo charged

    'Beaten' Palestinian boy in viral photo charged

    Fawzi al-Junaidi, 16, denies accusations of throwing stones and protesting, saying he was severely beaten by Israelis.

    Donald Trump: A president swallowed by history

    Donald Trump: A president swallowed by history

    The US has tried and failed to create a capital for another state before. "Israeli" Jerusalem will be the next Saigon.