Improper programming around a little-known but ubiquitous communication protocol used in networking gear, Abstract Syntax Notation One, or ASN.1, has the government, networking manufacturers, security researchers, and IT executives worried that networks--including key parts of the Internet, phone systems, and the electrical power grid--may be vulnerable to disruptive buffer overflow and malformed packet attacks.

The problem, made public last week, was first identified in February when Internet security watch group CERT Coordination Center disclosed products vulnerable to attack because of a weakness in the Simple Network Management Protocol, in which ASN.1 is widely used. The fallout from the ASN.1 problem may especially threaten electric utilities, which rely on ASN.1 throughout their power grids. "That includes power grids for nuclear power generators,'' says Michael Erbschloe, VP of research at research firm Computer Economics.

"We don't know the scope of the problem," says a network administrator at a major electric utility. "We installed a lot of equipment that runs ASN.1 when we did our Y2K work."

Lucent Technologies Inc. says it's identifying which of its products depend on ASN.1. But Cisco Systems is waiting for more information. Right now, it's like "looking for a needle in a haystack," says Mike Caudill, a product security incident response manager at Cisco. That worries the chief security officer at a large insurance company, who says, "I'd rather Cisco find any potential problems in their equipment before some hacker group."