GHOST: The Latest Hacking Vulnerability Affects Everyone


January 27, 2015 | Peter Yeh

The GHOST vulnerability is the hot new software bug and the end is nigh. It lets anyone take over a vulnerable Linux machine without knowing anything about it beforehand. Google, Facebook, and most of the internet run on Linux, so this is a problem, a big one.

WHAT THE FUCK

GHOST means attackers could take over Linux servers using something as innocent looking as an email. This comes on the heels of other major vulnerabilities with silly names such as Shellshock, Heartbleed, and POODLE. If hackers don’t scare you, consider the fact that when Heartbleed was discovered last year, there were reports that the NSA had been exploiting it for two years. The NSA denied it, but who believes the NSA?

HOW DID THIS HAPPEN

To avoid being too technical, in 2000, there was an update to that had to do with the “GetHost” function which is why this bug is called “GHOST”. The update left a hole that an attacker could use. But no one noticed this hole until 2013. And even when it was fixed in 2013, it wasn’t treated as a security problem, so many Linux distributions do not have it.

Qualys Security Podcast has released a video explainer if you really want to know all of the ways we’re fucked by this:

OH GOD WHY 

Glibc, or the GNU C Library, is the most common implementation of the C Standard Library. It is open source and part of Linux. And everyone loves Linux, even Microsoft.

You’re probably reading this thanks to a Linux server right now. And GHOST means someone could take over and do anything, such as upload viruses, or steal user data.

WHAT NOW

UPDATE. It doesn’t matter if you’re on Mac, Windows or Linux, just update. Right now.

If you are a weirdo that rolled your own Linux, update glibc manually. Some examples of Linux versions that are vulnerable are: “Debian 7 (wheezy), Red Hat Enterprise Linux 6 & 7, CentOS 6 & 7 and Ubuntu 12.04.”

Qualys, an internet security company, worked with major distributors to create a patch.

UPDATE NOW.

I’M CRYING, PLEASE HOLD ME

Thankfully, Qualys hasn’t released a working version of the hack yet. They’re waiting until half of all Linux servers are updated, and then are releasing it to force the hand of the remaining half. That seems punitive and reckless to put the straggling updaters at risk, but that’s how they roll in INFOSEC. When your job involves juggling trillions of 1s and 0s while people you’re trying to protect scream in your face about budgets, you get cynical.

Just mentioning that this vulnerability exists and that Qualys is working with vendors to develop a fix means a hacker already knows and is working on reverse engineering it.

Pray your favorite website updates in time, may God have mercy on your bytes.

(Photo: Sandbox)