NSW: Telstra urges users not to panic over SNMP flaw
By Natasha Skrivankova
SYDNEY, Feb 15 AAP - Australian companies are acting swiftly to protect their computersystems in a worldwide race against hackers trying to take advantage of a new flaw inthe internet.
The flaw in the infrastructure of the internet could allow hackers to gain privilegedaccess to computer networks, enabling them to take control of systems and all the datawithin them.
America's computer watchdog the US Computer Emergency Response Team (CERT), partlyfunded by the US Defence Department, has issued a 17-page warning to system administratorsaround the world of the flaw in SNMP (Simple Network Management Protocol).
The warning, the first time CERT has attempted to get a step ahead of hackers globally,says that computer systems worldwide could be shut down, rebooted, erased and used toattack other systems.
In Australia, the NSW Government and major communications companies like Telstra andOptus today urged the public not to panic as they worked on solutions to stop hackerstaking advantage of the flaw.
CERT recommended installing "patches" from vendors and blocking access to or disablingSNMP services.
The NSW government confirmed it had used the patches to protect departmental systemsat risk and had warned all government agencies.
"We've installed patches to protect the system and sent out warnings to all the governmentagencies," a spokesman for the NSW Minister for Information Technology Kim Yeadon said.
Galvan Cheung, a systems engineer at C10 Communications, which supplies network productsto Telstra and Optus, said he had been working around the clock to address the problem.
Mr Cheung said more than 100 Australian telecommunication companies, including Telstra,Optus, Microsoft, Cisco Systems and Nokia have been working around the clock to addressthe problem.
"This is a major security flaw that could bring down every computer connected to theInternet, every physical network device, all the machines," he said.
Telstra's public affairs manager Anton Jones said the telco was taking the securitythreat seriously since first hearing of it on Tuesday from CERT.
"We're aware of this issue and we're working through its implications," said Mr Jones.
"It's a serious issue, no doubt ... but to extrapolate from that a situation wherethe whole internet is about to crash and everybody's computer is vulnerable and the worldis about to end is a bit extreme.
"It's too early to say exactly what's going to happen."
Microsoft posted a patch addressing the problem on Wednesday, a spokesman said.
Cisco Systems, which powers most of the internet, also released new patches this week,but is still working on the problem.
Cisco Systems Asia Pacific director of corporate affairs Terry Alberstein said theSNMP flaw created a "theoretical vulnerability".
"We've not heard of any single confirmed instance of the vulnerability being exploited," he said.
"[But] we certainly believe that the alert is serious, we're not by any means playing it down.
"We're working really aggressively with Telstra and Optus and many others who are providingor are having connectivity to the Internet to make sure that their vulnerabilities arebeing taken care of through patches and fixes."
Mr Alberstein said Cisco had been aware of the problem since last year when a FinnishOulu University research team first alerted CERT to the flaw, which had gone unnoticedsince SNMP was developed in the late 1980s.
Authorities had been working in secret on the flaw since its discovery but went publicthis week after it appeared details were about leaked to the media.
The Internet Industry Association (IIA), which represents 90 per cent of internet trafficin Australia, said it was alerting its ISP members and directing them to the CERT websitefor information.
The IIA's David McClure said hackers had not yet penetrated computer systems in Australia.
"(But) people's systems are vulnerable. The advisory is out and the work is underwayto fix it," he said.
AAP ns/jjs/mo
KEYWORD: NETWORK NIGHTLEAD
No comments:
Post a Comment