BBC Home
Explore the BBC
BBC News
Launch consoleBBC NEWS CHANNEL
Last Updated: Thursday, 25 January 2007, 12:51 GMT
Net 'backbone' has security patch
Mouse and keyboard, Eyewire
Consumers do not need to take any action
The firm that makes hardware for much of the backbone of the internet has released three patches for security holes in its products.

Cisco has issued the fixes to internet service providers who are expected to roll out repairs in the coming days.

But there is concern that malicious hackers could exploit the flaws in the routers before the problems are fixed.

At least one of the holes could lead to e-mail and internet access issues, according to security experts.

Mikko Hypponen, chief research officer with F-Secure, said: "There's not much consumers can do themselves; these patches affect only the internet infrastructure itself, the routers which companies are using to pass on net traffic.

"Some sites and services might be down."

There will always be new vulnerabilities. The internet will never be 100% safe
Mikko Hypponen, chief research officer, with F-Secure

However, Cisco has said it is not aware of "any current exploitation of these vulnerabilities".

In a statement the company said: "Cisco is aware of multiple vulnerabilities that may impact Cisco IOS and IOS XR devices and has published three separate security advisories about them.

"In all cases, Cisco has made free software available to address the vulnerabilities for affected customers."


One of the holes could see a malicious hacker take control of a Cisco router and install software of their choosing.

"Any flaws in Cisco routers that are in widespread use is very concerning as these are the basic building blocks of the internet," said Mr Hypponen.

The problem affects the backbone of the net

But he said the types of attacks would be limited because there was little financial motive.

"If you look at the different attack scenarios and who would use those vulnerabilities, it's not that obvious who would exploit these holes - you can attack certain operators or companies and crash their public services such as e-mail and web sites.

"I guess we will be seeing attacks from hobbyist hackers."

Mr Hypponen said he did not expect the problem to go on for long.

"Critical companies will patch their routers very quickly."

Mr Hypponen said that the news of the holes and the resulting patch had actually made the net safer, not more vulnerable.

"Although it looks like bad news it is good news too.

"There will always be new vulnerabilities. The internet will never be 100% safe."

Hi-tech crime: A glossary
05 Oct 06 |  UK
Storm chaos prompts virus surge
19 Jan 07 |  Technology
Tips to help you stay safe online
07 Oct 06 |  Technology
Spam surge drives net crime spree
26 Dec 06 |  Technology

The BBC is not responsible for the content of external internet sites

Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit


Americas Africa Europe Middle East South Asia Asia Pacific