Net flaw could open Web to hack attacks

LONDON – A serious flaw in the Internet’s traffic-routing protocol could allow hackers to disrupt online transactions and cut off access to major Web sites, security experts said on Wednesday.

The warnings come as Paul Watson, the US researcher who first discovered the vulnerability, was set to disclose the details to a conference in Vancouver. Britain’s IT security monitor at the National Infrastructure Security Co-ordination Centre (NISCC) has issued an uncommon “high risk” advisory, following similar warnings this week from the US government’s computer emergency response team, or CERT.The NISCC warned the flaw in the Internet’s TCP protocol, used to transmit data across the Internet and essential for computer users to access Web sites, could be exploited by a crafty programmer aiming to disrupt the flow of data across cyberspace.”The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly,” the warning said.Security experts were divided on the potential impact with predicted outcomes ranging from downed Web sites to nothing more than a brief interruption of an online transaction.The vulnerability targets flaws in basic Internet hardware – primarily with computers known as routers – that directs traffic across the sprawling global network.Major router manufacturers Cisco Systems Inc and Juniper Networks have issued advisories and have begun providing software to mitigate the risks of an exploit.Unlike many computer security risks, this flaw is not associated with a particular piece of software or hardware, but with a flaw in the basic design of the transmission protocol.Because it affects such a core piece of Internet functionality, some security experts were predicting a virus writer could develop a worm or virus capable of executing a denial of service attack commonly used by hackers to shut down Web sites and impact large enterprise networks.Other experts said the threat would only amount to a nuisance to Internet users.The most likely results would be that Web transactions would fail to go through, Internet telephone calls would drop and Web sites wouldn’t fully download, said Mike Pilbeam, senior director of technical operations for Europe, Middle East and Africa for Cisco Systems.- Nampa-ReutersBritain’s IT security monitor at the National Infrastructure Security Co-ordination Centre (NISCC) has issued an uncommon “high risk” advisory, following similar warnings this week from the US government’s computer emergency response team, or CERT.The NISCC warned the flaw in the Internet’s TCP protocol, used to transmit data across the Internet and essential for computer users to access Web sites, could be exploited by a crafty programmer aiming to disrupt the flow of data across cyberspace.”The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly,” the warning said.Security experts were divided on the potential impact with predicted outcomes ranging from downed Web sites to nothing more than a brief interruption of an online transaction.The vulnerability targets flaws in basic Internet hardware – primarily with computers known as routers – that directs traffic across the sprawling global network.Major router manufacturers Cisco Systems Inc and Juniper Networks have issued advisories and have begun providing software to mitigate the risks of an exploit.Unlike many computer security risks, this flaw is not associated with a particular piece of software or hardware, but with a flaw in the basic design of the transmission protocol.Because it affects such a core piece of Internet functionality, some security experts were predicting a virus writer could develop a worm or virus capable of executing a denial of service attack commonly used by hackers to shut down Web sites and impact large enterprise networks.Other experts said the threat would only amount to a nuisance to Internet users.The most likely results would be that Web transactions would fail to go through, Internet telephone calls would drop and Web sites wouldn’t fully download, said Mike Pilbeam, senior director of technical operations for Europe, Middle East and Africa for Cisco Systems.- Nampa-Reuters