AS SECURITY MANAGEMENT TODAY went to press, news was breaking of a “devastating” new IT flaw that, according to e-security consultant ECSC, could have a far wider impact than last summer’s Code Red worm.
Researchers at Oulu University in Finland have discovered a security weakness that allows malicious hackers to crash or otherwise take control of a wide range of systems.

Apparently, the problem lies in the Simple Network Management Protocol (SNMP) that, unknown to many companies, is installed on a wide range of devices including computers, servers, printers and network equipment such as routers, switches and even firewalls.

SNMP allows security and IT managers to monitor and control network devices from their own desks, which saves time but could allow other individuals to manipulate and damage their systems.

The security community is currently busy monitoring attacks and assessing the impact on internal systems and the Internet. Large blue chip concerns including Microsoft, Hewlett-Packard and Cisco have already advised clients of the problem.

However, many businesses and their in-house management teams remain blissfully unaware of the threat that’s being posed.

Source

SMT