Government-funded group warns of major computer vulnerability
Tuesday, February 12th 2002, 12:00 am
By: News On 6
WASHINGTON (AP) - Many of the Internet's network devices, from desktop computers to traffic management systems, have a security flaw that could allow hackers to shut them down or gain control of the devices, a government-funded research group warned Tuesday.
The problem is most serious for Internet service providers, which use systems called routers to manage the flow of messages across computer networks and the Internet, the group said.
"ISPs that don't act will have a reasonable chance of having their routers go down," said Alan Paller, research director at the SANS Institute in Maryland.
The CERT Coordination Center, based at Carnegie Mellon University in Pittsburgh, planned to release an alert Tuesday. Marty Lindner of CERT said hundreds of vendors use the Internet protocol found to be at risk. The warning, to be posted on CERT's Web site, lists the steps businesses and consumers should take to protect themselves.
CERT is funded in part by the Defense Department.
"Some companies actually have all their patches ready to go," Lindner said. "Some companies have been diligently working on patches, but they have a lot more work to do."
When update programs aren't available, Lindner said the site will tell users how to reduce the risk of an attack.
Lindner said the problem was found recently by researchers at the University of Finland at Oulu, but it has existed for more than 10 years, since the "Simple Network Manager Protocol" was written.
"I don't think anyone looked for it," prior to the Finland researchers, Lindner said.
SNMP is used to gather information from network systems, or configure them remotely. Paller said Internet providers could safely disable SNMP until a patch is available, but may have difficulty billing their customers.
Depending on the flavor of SNMP, a hacker could shut down a victim's device or get full access to it.
Microsoft systems, frequently derided for security problems, may have a leg up on the problem. Microsoft operating systems turn SNMP off by default, Lindner said. "But that doesn't mean it can't be enabled by some other product you could install on top of it," he added.
Russ Cooper of security firm TruSecure said his company is testing a tool that could be used to break into computers running SNMP. He said the tool is "in the wild," meaning that it could be available to malicious hackers.
Security experts were sober about the threat, with one joking that if a hacker took down the Internet, he wouldn't be able to brag to his friends that he did it.
"I'm worried that it could cause some disruptions," Cooper said. "I'm not worried about the end of the Internet as we know it."