Time to Reboot the Internet Again

Cisco Systems Inc., the company whose hardware routers are responsible for handling the majority of the world's Internet traffic, today issued patches to fix at least three very serious security holes in its products. This is generally not something that the average user needs to worry about, but I'm blogging on it because the flaws do have the potential to cause some problems that Internet users could experience in a very real way (i.e. e-mail and Internet access temporarily goes bye-bye).

Most Internet service providers will stagger the installation of these patches so as not to disrupt customers' online connectivity, but one of these flaws appears to be so easy to exploit that if the bad guys figure out how before ISP get around to patching then we could very likely see portions of the Internet go dark soon.

Indeed, one of the flaws that Cisco highlighted today appears to suggest that most of Cisco's routers are susceptible to what can aptly be described as a "ping of death," that is -- send a single, specially crafted data packet down the wire to the control interface for an unpatched Cisco router, and you could make the device either crash or you can install software of your choosing on top of it. Granted, any Cisco administrator will tell you it is a very bad idea not to severely restrict remote access to a router's controls, but this is a serious threat nonetheless.