Feds, Industry, Battle the Biggest Bug

Wednesday, 12 June 2002, 3:03 PM EST

Four months after a public advisory warned of security vulnerabilities in a ubiquitous Internet remote management protocol, there have been no widespread attacks exploiting the holes. But technology companies and a special U.S. government panel are quietly evaluating the threat of related vulnerabilities in some of America's most critical electronic infrastructures, including the telephone network, the power grid, and the next generation of air traffic control systems.

On February 12th, Carnegie Mellon's Computer Emergency Response Team (CERT) issued a high-profile alert about serious security holes in dozens of implementations of the Simple Network Management Protocol (SNMP) -- the Internet's standard language for monitoring and controlling routers, switches and other devices. It was big news in itself, with nearly two hundred companies forced to evaluate, and in some cases patch, their products. Perhaps owing to CERT's careful behind-the-scenes advance coordination with vendors, months later there have been no reports of mass exploitation of the vulnerabilities.

But while the Internet-oriented CERT warned only about SNMP security holes, the research on which they based their advisory had farther reaching implications.

[ Read more ]




Spotlight

Unpatched, vulnerable PDF readers leave users open to attack

Unpatched, vulnerable PDF readers are a big security issue for private PC users. 14% of PC users in the US have an unpatched operating system, and that Oracle Java yet again tops the list of applications exposing PCs to security risks.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Fri, May 1st
    COPYRIGHT 1998-2015 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //