Hysteria over Net flaw unfounded, says security expert

Reports that a flaw in the Internet's most widely used communications protocol has left the Internet open to a fatal attack were exaggerated, according to the researcher who is thought to have uncovered the weak link in the first instance.

Paul Watson, a security specialist for Rockwell Automation, said the actual threat to the Internet was now very small because the flaw has already been remedied by the major Internet service providers (ISPs). The flaw exists within TCP (Transmission Control Protocol), the most common protocol for transporting data over the Net.

If the problem had been left unchecked, the potential existed for hackers to launch what is known as a reset attack, whereby the user's Net session is terminated without warning. Such an attack can also cause a lot of problems for network hardware.

"At this time, Symantec has seen no evidence of systems being widely impacted by this exploit," said Vincent Weafer, senior director, Symantec Security Response. "Internet Service Providers are aware of the TCP flaw and fixes have been made available for some time by multiple vendors. As a result, Symantec does not feel that this exploit will have an immediate impact on Internet activity, disrupt Internet traffic or cause system outages.

"Internet Service Providers are aware of the TCP flaw and there are a number of mitigation strategies. Among others, IT administrators should turn on IP security (IPSEC) which will allow for sensitive TCP protocol data to be encrypted when transmitted over the wire. While there are serious risks if systems are left unpatched, the majority of the systems should be safe."

One area that remains at risk, according to Watson, is e-commerce sites that manage their own routers and have not yet implemented a fix in the mistaken belief that they are not at risk. Sites whose routers share information through the Internet are the most vulnerable to attack.
