ZDNet UK / News and Analysis / Business of IT / IT Strategy

Twin flaws threaten Net

By Staff, CNET News, 18 July, 2003 07:45

Daily Newsletters

Sign up to ZDNet UK's daily newsletter.

Topics

Flaw, Hole, Threat, Attack, Windows, Hackers, Internet, Cisco, Microsoft, Security

NEWS
Security experts were worried on Thursday that a flaw in Microsoft Windows and another in Cisco's ubiquitous network routers could lead to serious Internet attacks. The two flaws -- both made public on Wednesday -- affect a large number of computers and devices connected to the Internet, and that could make the two weaknesses prime targets of attack, said Oliver Friedrichs, senior manager for incident response at security software firm Symantec. "The ultimate concern is that we see something like Slammer or Code Red," he said. The Code Red worm and the Slammer worm were two of the worst Internet attacks in the past few years and disrupted corporate networks by infecting servers and inundating parts of the Internet with data. The Microsoft flaw could lead to another such incident, warned Friedrichs. The software titan released an advisory on Wednesday warning that every computer running any version of Microsoft Windows, except for Windows ME, had a vulnerability that could allow an attacker to take control of the computer. While the flaw is in a service that normally wouldn't be available over the Internet -- if the system's owner followed strong security guidelines -- many companies and home users may inadvertently have systems that are connected directly to the Internet and aren't protected by a firewall, said Marc Maiffret, chief hacking officer with security-software firm eEye Digital Security. "All it takes is for them to have one computer connected to the Internet," said Maiffret. "If one thing on the inside gets infected, then all hell is going to break loose." In the past, such incidents haven't targeted the Internet infrastructure, but Maiffret worried that a combined attack could disrupt many networks. "There is always the scare factor of two flaws coming out at the same time -- that someone might create a worm that levels both," he said. "That sort of thing has happened before... but has never happened with two flaws this widespread." Two years ago, a worm spread to thousands of servers, infecting Sun Microsystems computers and then levelling an attack against Microsoft Windows Web servers, defacing them. The worm, known as Sadmind, showed the potential for worms that used more than a single flaw to attack systems. The flaw in Cisco's systems is a likely target for such an attack. The flaw, first reported by CNET News.com on Wednesday, could allow an attacker to stop traffic from flowing through vulnerable network hardware. After being advised of the flaw on Tuesday by Cisco, Internet service providers scrambled on Wednesday and Thursday to plug the holes. Telecommunications giant AT&T had many of its thousands of routers patched by early Thursday morning, AT&T spokesman David Johnson said. "The ball is rolling," he said. "A good number of our routers have been checked off." Telecommunications provider Sprint had jumped on the issue as well, working late on Wednesday and finishing the updates by Thursday morning, spokesman Charles Fleckenstein said. "We finished this morning, and everything seems to be chugging along as normal," he said. With ISPs closing the security hole, the danger of any mass disruption is greatly lessened. Moreover, technical details of the flaws aren't yet readily available, eEye's Maiffret said. "I don't think a lot of people will be able to figure out how to write exploits for these flaws, because there are so few details," he said, adding that, the more time that companies and ISPs have for patching flaws, the better.
For all security-related news, including updates on the latest viruses, hacking exploits and patches, check out ZDNet UK's Security News Section. Let the editors know what you think in the Mailroom.

Related stories

Government agency warns of Windows flaw

Flaw leaves work PCs and Internet cafes open

Cisco warns of network flaw

Heart of England NHS begins massive digitisation plan

Hard-drive woes hit PC shipments in fourth quarter

Post your comment

In order to post a comment you need to be registered and logged in.

You can also log in with Facebook. Log in or create your ZDNet UK account below

  • Login

Will not be displayed with your comment

By signing up for this service, you indicate that you agree to our Terms and Conditions and have read and understood our Privacy Policy. Questions about membership? Find the answers in the Community FAQ

Get ZDNet UK's daily newsletter

Enter your email address to sign up

ZDNet UK Live

Freebies202

Duplicate comments are not made intentionally. Its very good to know that now you are keeping check on this problem because sometimes a commenter...

5 hours ago by Freebies202 on Microsoft fixes blog comments, speeds up blogs with open source
kevinmchapman

"the very significant number of users" and "many (most) of us" - you have no evidence for these statements. It is a fact that most users are saying...

13 hours ago by kevinmchapman on A tale of two distros: Ubuntu and Linux Mint
Marg Menzies Harrison

Another grammar faux pas is the improper use of "you". When sitting down down in a restaurant, for example, I get cringe when the waitress...

15 hours ago by Marg Menzies Harrison via Facebook on 10 flagrant grammar mistakes that make you look stupid
zdnetukuser

And NOW, folks, for Canonical's next trick... Kubuntu is late. Here's a pencil. Draw your own conclusions. cf.:...

15 hours ago by zdnetukuser on Linux Minterface
Moley

@kevinmchapman. The discussion here reflects the very significant number of users who really do like the traditional menu system and who wish to...

17 hours ago by Moley on A tale of two distros: Ubuntu and Linux Mint
kevinmchapman

Er, no... It is an efficient means of finding the application/file/setting you need in one place. The icons are a simply a fallback for when you...

19 hours ago by kevinmchapman on A tale of two distros: Ubuntu and Linux Mint
TerryRK

Isn't the provision of a text based search an admission by the developers that the mass of icons approach does not work? I don't need to use a...

20 hours ago by TerryRK on A tale of two distros: Ubuntu and Linux Mint
kevinmchapman

"Unity and GNOME 3 both abandon the old text-based cascading menus in favour of a graphical icon-driven system." Point truly missed. Both use a...

21 hours ago by kevinmchapman on A tale of two distros: Ubuntu and Linux Mint
TerryRK

whs001 - Thank you, I'm glad you liked the article. I absolutely agree with you on your first point. I should perhaps have made it clearer that...

21 hours ago by TerryRK on A tale of two distros: Ubuntu and Linux Mint
Dennis Nilsson

If we allow corporate interest to dictate the way our government circumvents due process against foreign entities then we should accept the same...

22 hours ago by Dennis Nilsson via Facebook on ACTA stumbles in Germany
GHar123

I totally dislike pirating of works, I fear that artists will be deterred from creating works if they think that they are going to get ripped off....

24 hours ago by GHar123 on ACTA stumbles in Germany
JCB33

How dare film makers, artists or anybody that invests in creativity stop us pirating their works for free. I want to be able to walk into my local...

1 day ago by JCB33 on ACTA stumbles in Germany
Moley

@GrueMaster. I prefer horses for courses rather than one size fits all. I, and I suspect most other computer users, do not really wish to have...

1 day ago by Moley on A tale of two distros: Ubuntu and Linux Mint
greycynic

The product that scares me every time I have to use it is the Office 2007 version of Excel. The first bug that I found was applying the median...

1 day ago by greycynic on Ten flawed products that derail productivity
GrueMaster

Nice review and very informative. One thing I'd like to add (in reply to whs001's 1st question), the main reason to have the same interface from...

1 day ago by GrueMaster on A tale of two distros: Ubuntu and Linux Mint
Frederick Wrigley

I'be been using Mint 12 since the RC came out, and I am far more happy with the Cinnamon, the Mate, and, yes (with extensions), theGnome 3...

1 day ago by Frederick Wrigley via Facebook on A tale of two distros: Ubuntu and Linux Mint
bdantas

Excellent article. One small correction, though--although a fresh installation of Linux Mint 12 will, indeed, provide the user with a version of...

1 day ago by bdantas on A tale of two distros: Ubuntu and Linux Mint
Alan Ralph

In related news, the ISPs club together to get the members of the Home Affairs Select Committee (ya goofed on that part, ZDNet UK) copies of "The...

1 day ago by Alan Ralph via Facebook on MPs urge ISPs to take down terrorist material
Alan Ralph

In related news, the ISPs club together to get the members of the Home Affairs Select Committee (ya goofed on that part, ZDNet UK) copies of "The...

1 day ago by Alan Ralph via Facebook on MPs urge ISPs to take down terrorist material
Moley

For Gnome 2 die-hards, it is possible to add icons to the bottom panel (or top top panel, if you prefer) which provide the exact Gnome 2...

1 day ago by Moley on A tale of two distros: Ubuntu and Linux Mint

Latest in IT Strategy

Heart of England NHS begins massive digitisation plan

Hard-drive woes hit PC shipments in fourth quarter

Featured white papers

CIO challenges: Bringing your iPad to work

Aruba Networks

CIO challenges: Bringing your iPad to work

The arrival of personal technology in the office is a challenge for all organisations, but how can it be adapted securely for corporate... Read more

The Relevance of Cloud Infrastructure to Enterprise Challenges

SAVVIS

The Relevance of Cloud Infrastructure to Enterprise Challenges

This white paper reviews the evolution of data center outsourcing, and introduces cloud offerings within this historical... Read more

Graphene: A guide to the future from ZDNet UK

ZDNet UK

Graphene: A guide to the future from ZDNet UK

What is graphene? How is graphene made? And why isn't a graphite pencil worth thousands of pounds? Explore this strange material with ZDNet UK's guide to... Read more

Inside ZDNet UK

A tale of two distros: Ubuntu and Linux Mint

A tale of two distros: Ubuntu and Linux Mint

2012 Predictions: VCE FastPath, VI SAN Probe & Hadoop

2012 Predictions: VCE FastPath, VI SAN Probe & Hadoop

BlackBerry Bold 9790

BlackBerry Bold 9790

How to handle data replication

How to handle data replication

Ten factors that make Ubuntu 11.10 a hit

Ten factors that make Ubuntu 11.10 a hit

Toshiba Portégé Z830-10P Review

Toshiba Portégé Z830-10P Review

BT's archive: Pictures from the vault

BT's archive: Pictures from the vault