1
   

Major Internet Security Flaw is Disclosed

Forums: Internet
Email this Topic Print this Page
 
 
BumbleBeeBoogie
 
Reply Wed 21 Apr, 2004 06:31 pm
Major Internet Security Flaw is Disclosed
Computer security experts are warning of a flaw that could leave thousands of Internet sites vulnerable to hackers.

The security hole, which was disclosed Tuesday by the British National Infrastructure Security Coordination Centre, involves a key element used in virtually all Internet traffic. The flaw found in the "transmission control protocol," or TCP, could allow unauthorized access to routing devices and web servers.

The problem potentially leaves websites open to hackers, who could then interrupt communications, corrupt or erase data, hijack sites to display their own messages, or launch so-called denial-of-service attacks designed to shut down access to other online resources.

Unlike previous security flaws, the TCP problem affects all manner of sites and is not limited to a particular computer platform, such as Windows or Unix.

The security hole was actually discovered last year by Paul "Tony" Watson, a computer researcher based in Milwaukee. Watson kept the discovery under wraps until means could be developed to cope with attacks based on the vulnerability.

Filtering and identification techniques have now been devised to limit the exposure of web servers. However, until they are implemented across the Internet, experts warn that a massive hacking attack could still be launched.
-----------------------------------
Internet Community Nervous About Security Flaw
Some Experts Say Hackers Won't Cripple Internet
April 21, 2004

Researchers have uncovered a flaw in Internet security that some say could cause widespread disruption of the Internet.

A researcher is unveiling information Thursday that will expose an Internet vulnerability that he and others fear could give hackers the information they need to mess with the Internet.

The vulnerability has to do with transmission control protocol. TCP tells e-mail transmissions where to go, sort of like zip codes for snail mail. The Internet is all connected, so if mail cannot get through one path, TCP finds another path for it to take to its destination.

In terms of this security flaw, one expert suggested you can think of it as a big tunnel -- one massive computer going to a bunch of little computers, including yours. The vulnerability allows the hackers to break into that tunnel.

"The problem is, someone's able to break into that tunnel and then cross the tunnel and get to your computer, get the info and shut it down," said John Featherman, a security expert.

Featherman said it is very unlikely the average user will be affected because the hackers would probably go after Internet service providers.

The Homeland Security Department has issued a cyberalert, saying this problem "could affect a large segment of the Internet community."

The U.S. Computer Emergency Readiness Team, a government center for Internet security expertise, said Wednesday that hackers would not be able to be able to bring down the Internet. The worst-case scenario is that they could slow down the systems.

What can the average computer user do? Nothing, although experts say it's a good idea to constantly update your anti-virus software and install firewalls.

The major software manufacturers are developing fixes and could have some solutions as early as Thursday.
  • Topic Stats
  • Top Replies
  • Link to this Topic
Type: Discussion • Score: 1 • Views: 803 • Replies: 2
No top replies

 
BumbleBeeBoogie
 
  1  
Reply Wed 21 Apr, 2004 06:35 pm
Net threat overstated, says security researcher
Net threat overstated, says security researcher
By Robert Lemos
CNET News.com
April 21, 2004, 3:08 PM PT
URL: http://zdnet.com.com/2100-1105-5197184.html

VANCOUVER, British Columbia--Widespread reports about a flawed communications protocol making the Internet vulnerable to collapse were overblown, according to the researcher credited with uncovering the security problem.

A flaw in the most widely used protocol for sending data over the Net--TCP, or the Transmission Control Protocol--was addressed by most large Internet service providers during the last two weeks and presents little danger to major networks, said Paul Watson, a security specialist for industry automation company Rockwell Automation. If left unfixed, the weakness could have allowed a knowledgeable attacker to shut down connections between certain hardware devices that route data over the Net.

"The actual threat to the Internet is really small right now," Watson said on Wednesday. "You could have isolated attacks against small networks, but they would most likely be able to recover quickly."

Watson was responding to news reports that ran Tuesday, after Britain's national emergency response team, the National Infrastructure Security Co-ordination Centre, released an advisory about the issue based on his research. Watson, who's scheduled to present that research here at the CanSecWest 2004 conference this week, referred to the media reaction as an "inordinate level of attention in respect to the amount of risk."

At greatest risk, he said, may be e-commerce sites that manage their own routers--those sites may not believe they're vulnerable to attack and may not have implemented a fix. Sites that have routers that share information on the most efficient paths through the Internet--using the Border Gateway Protocol, or BGP--are most vulnerable to the attacks.

Networking-gear maker Cisco Systems said Wednesday that it had released updated software that addresses how the flaw affects its products. Other gear makers, including Juniper Networks, Hitachi and NEC, have been investigating the issue. Information on each company's conclusions can be found in the vendor information section of the NISCC's advisory.

People have known for at least a decade about problems with the way Internet servers and network devices maintain connections with each other. "I am not the first person to notice the issues," Watson said. "I sort of pulled together all the pieces."

The problem, said Watson, involves numbers that identify data packets being sent over the Net. Many network appliances and software programs rely on a continuous stream of packets from a single source--called a session. The packets are identified and grouped together using so-called sequence numbers, and, theoretically, if someone could guess the next number in a session and send a packet with that identifier, he or she could substitute illicit commands for authorized ones, Watson said.

The odds against a correct guess were commonly thought to be staggering: about one in 4.3 billion. However--and here's the issue--Watson found that certain applications of TCP sessions, such as routers using the border gateway protocol, relied on long connection times, creating a much larger window of sequence numbers that could be valid. Instead of a one in 4 billion chance to guess the right number, a single-packet attack against a BGP connection might be successful once in 260,000 attempts. An attacker armed with a typical broadband connection could send all 260,000 possible attacks in less than 15 seconds.

It's not simple or elegant, Watson admitted, but it's effective. Rather than unleashing the sort of massive packet flood that normally makes up a denial-of-service attack, an online vandal could send far fewer packets and still bring down a site. "You can take e-commerce sites offline, but instead of billions and billions of packets, you can do it with a whole lot less," he said.

The U.S. Computer Emergency Response Team (US-CERT) has issued an advisory, referencing a similar warning released almost three years ago that mentioned comparable attacks.

Although large Internet service providers are vulnerable "to a very low degree," large and medium-size businesses should make sure they have assessed their vulnerability to the issue, said Sean Hernan, senior member of the technical staff for US-CERT.

"In addition to the core Internet, this TCP vulnerability affects any two endpoints," he said. The vulnerability could affect mail servers, the servers that handle domain names and act as the yellow pages for the Internet, and other major applications. However, in those instances, it is much harder to guess the right sequence numbers, Hernan said.

"This issue turned out to be particularly pernicious against BGP," Hernan said.

Both CERT and Watson recommend that companies add a random 128-bit number to each packet in a session to identify that data as part of the same session--the solution adopted by many major ISPs. Moreover, CERT also recommends that companies encrypt their data to further hide the information in the session from prying eyes.
0 Replies
 
satt fs
 
  1  
Reply Wed 21 Apr, 2004 07:05 pm
Apply patches.
0 Replies
 
 

Related Topics

Obama Promotes Making the Internet a Utility - Discussion by engineer
YouTube Is Doomed - Discussion by Shapeless
So I just joined Facebook.... - Discussion by DrewDad
Tracking and revealing the trolls....ok or not? - Question by dlowan
You are calling Congress about SOPA today, right? - Discussion by maxdancona
Internet disinformation overload - Discussion by rosborne979
Participatory Democracy Online - Discussion by wandeljw
OpenDNS and net neutrality - Question by Butrflynet
Are you for or against net neutrality, and why? - Discussion by Pronounce
Internet Explorer 8? - Question by Pitter
Blizzard Forum Says You Must Use Real Names ... - Discussion by jespah
 
  1. Forums
  2. » Major Internet Security Flaw is Disclosed
Copyright © 2024 MadLab, LLC :: Terms of Service :: Privacy Policy :: Page generated in 0.04 seconds on 05/18/2024 at 08:12:54