IT experts scramble to fix Cisco flaw

Computer experts were left scrambling on Friday to fix a flaw in millions of devices that direct internet traffic after Cisco Systems said the flaw could hackers to attack websites and shut down portions of the internet.

    IT experts are racing to prevent hackers from exploiting a flaw in Cisco routers

    Cisco announced the flaw with the devices, known as routers on Thursday – resulting in a race between security experts to install a patch, and hackers trying to exploit the error.

    So far though, there have not been any reports of problems.

    Analysts said that due to Cisco’s large market share with routers, coordinated attacks could have left a devastating impact on the internet.

    By sending a special sequence of data, a malicious hacker could trick a Cisco router into believing it was full, causing it to crash.

    But Shawn Hernan, a security specialist in the government-funded CERT Coordination Centre at Carnegie-Mellon University, said most major Internet operators were upgrading.

    As of Friday, the flaw had not led to any service shutdown, he said.

    "We have seen evidence of attempts (to shut down routers) but no evidence of a successful attack," Hernan said.

    "But I will say that the death of the Internet is not imminent. The good news is that most if not all the service providers have been upgrading."

    Hernan said that the Cisco routers, which are essentially computers that direct traffic, could be shut down if an attacker knew about the vulnerability.

    Within a day of the advisories issued by Cisco and CERT, experts found "malicious code" circulating on the Internet that could be used by hackers to exploit the flaw.

    "This exploit allows an attacker to interrupt the normal operation of a vulnerable device," according to a CERT advisory. "We believe it is likely that intruders will begin using this or other exploits to cause service outages," Hernan added.

    Although the announcement provided information to hackers, Cisco and CERT were left with little options in order to get information out to the millions of website operators.

    Private security experts were concerned as well.

    Security firm TruSecure issued an advisory calling the problem "red hot."

    "The TruSecure research team has determined that this vulnerability presents a serious threat to its clients," TruSecure said.

    SOURCE: Agencies


    YOU MIGHT ALSO LIKE

    Lost childhoods: Nigeria's fear of 'witchcraft' ruins young lives

    Lost childhoods: Nigeria's fear of 'witchcraft' ruins young lives

    Many Pentecostal churches in the Niger Delta offer to deliver people from witchcraft and possession - albeit for a fee.

    The priceless racism of the Duke of Edinburgh

    The priceless racism of the Duke of Edinburgh

    Prince Philip has done the world an extraordinary service by exposing the racist hypocrisy of "Western civilisation".

    Why a hipster, vegan, green tech economy is not sustainable

    Why a hipster, vegan, green tech economy is not sustainable

    Improving eco-efficiency within a capitalist growth-oriented system will not save the environment.