 |
|
DAILY NEWS AND INFORMATION
FOR THE GLOBAL GRID COMMUNITY /
|
Breaking News -
Security:
Core Internet Technology
Vulnerable, Experts Say
Researchers found a serious security flaw that left core Internet
technology
vulnerable to hackers, prompting a secretive effort by international
governments and industry experts in recent weeks to prevent global disruptions
of Web surfing, e-mails and instant messages.
Experts said the flaw, disclosed Tuesday by the British government, affects
the underlying technology for nearly all Internet traffic. Left unaddressed,
they said, it could allow hackers to knock computers offline and broadly
disrupt vital traffic-directing devices, called routers, that coordinate the
flow of data among distant groups of computers.
Web services, utility computing, .NET, CPU harvesting and distributed
computing are just a few of the technologies that fall under the Grid
computing umbrella. Gt04 -- a premiere enterprise Grid computing conference
targeting industrial and commercial users -- will gather experts, and outline
strategies and road maps for Grid deployment. For more information, visit
www.gt04.com.
Grid computing is here!
"Exploitation of this vulnerability could have affected the glue that holds
the Internet together," said Roger Cumming, director for England's National
Infrastructure Security Coordination Centre.
The flaw affecting the Internet's "tranmission control protocol," or TCP,
was
discovered late last year by a computer researcher in Milwaukee, Paul Watson,
36, who said he identified a method to reliably trick personal computers and
routers into shutting down electronic conversations by resetting the machines
remotely.
Routers continually exchange important updates about the most efficient
traffic routes between large networks. Continued successful attacks against
routers can cause them to go into a stand-by mode, known as "dampening," that
can persist for hours.
Experts previously maintained such attacks could take between four years
and
142 years to succeed because they require guessing a rotating number from
roughly 4 billion possible combinations. Watson said he can guess the proper
number with as few as four attempts, which can be accomplished within
seconds.
"The biggest concern is (the effect on routers) because of the risk of
bringing down the Internet or severely disrupting traffic on the Internet,"
Watson said.
Already in recent weeks, some U.S. government agencies and companies
operating
the most important digital pipelines have quietly fortified their own
vulnerable systems because of early warnings communicated by some security
organizations. The White House has expressed concerns especially about risks
to crucial Internet routers, since attacks against them could profoundly
disrupt online traffic.
"Any flaw to a fundamental protocol would raise significant concern and
require significant attention by the folks who run the major infrastructures
of the Internet," said Amit Yoran, the U.S. government's cybersecurity chief.
The new flaw has dominated discussions since last week among experts in
close-knit security circles.
The public announcement coincides with a presentation Watson expects to
make
Thursday at a popular Internet security conference in Vancouver, where Watson
said he will reveal full details of his research.
Watson, who runs the www.terrorist.net Web site, predicted that hackers
will
understand how to begin launching attacks "within five minutes of walking out
of that meeting."
"It's fairly easy to implement," Watson said. "Someone walking out of the
conference would immediately understand. No matter how vague I am, people will
figure it out."
|