What do Clocks, Cars, and Warships have in Common?
Jun 27, 2017
A few months ago we had Daylight Savings Time. My parents were delighted to discover that “the clock” in their car automatically adjusted itself, as did their computer. But now they had to change the two clocks in their bedroom, the two clocks in the kitchen, and several others around the house. How did the […]
Patch Your Samba Servers or Risk a Worse Version of WannaCry
May 31, 2017
The big cybersecurity news of the past couple of weeks has been the WannaCry worm. It took advantage of some rather old bugs, dating back to Windows XP and Windows Server 2003. We got lucky! The vulnerability, the problems in the targets, allowed unlimited abuse. But the exploit, the attackers’ code, had a built-in “kill […]
Patch Bash Now, Shellshock Exploits Are Widespread
Oct 14, 2014
I was recently doing some work at a Major Financial Institution when I overheard two systems engineers comparing notes: “I have to install that Bash shell patch on my servers by the end of next month.” “Hah! My servers don’t have to have it until the end of the month after that!” Guys, please. Patch […]
The Shellshock Bug Hits Linux and the Internet of Things
Sep 27, 2014
The security world came abuzz recently when a very serious bug was announced in the GNU Bash shell. It’s a bad one, easy to exploit and with serious results. The new trend is to give a significant bug a catchy name and logo, and this one quickly became known as Shellshock. Here is a […]
Patching the Cloud
Jun 5, 2012
Vulnerability CVE-2012-0056 is a nasty one if you’re running a Linux kernel release 2.6.39 through 3.2.1. The exploit is a privilege escalation attack, meaning that the attacker has to get a foothold on your system. But once the attacker has an unprivileged process on your system, its privileges can be elevated to root. Game over. […]