
New bug taking over the Internet

If you think back to a year ago, the big news was the Heartbleed bug that left millions of servers around the Internet vulnerable to snooping by hackers. That eventually got fixed, but this year we're getting a scary bug that lets hackers go beyond just snooping.

It's called Venom and it could potentially let hackers take over entire datacenters. Datacenters are collections of servers that host Web services and websites. Imagine if hackers could read or modify the information for any website or online service and you get a sense of the seriousness of the problem.

To better understand how Venom works, let me explain a little bit about virtual machines. In most datacenters there isn't a single computer for each website or service. Instead, the hosting company will create multiple virtual machines on a single server, and each VM acts like its own server.

Did you know: You can create virtual machines on your own computer. It's a good way to test out a new operating system or create a safe space for financial programs.

VMs can't talk to each other (they don't even know other VMs exist), so information in one VM is completely safe from any other VM. The only thing that connects VMs together is a master program called a "hypervisor." It's that connection, the hypervisor, where a dangerous flaw has been discovered that could let clever hackers attack.

A lot of modern hypervisors are based on an open-source computer emulator named QEMU. Unfortunately, it turns out QEMU has a decade-old flaw in the virtual floppy disk controller.

A hacker who gets into any virtual machine on a server can use that flaw to crash the hypervisor and take over every VM. Hence the bug name Venom, which stands for "Virtualized Environment Neglected Operations Manipulation." That's an acronym almost worthy of a James Bond movie.

Fortunately, the security researchers who found Venom alerted the VM makers, and urgent patches for major programs are either out now or expected very soon. Many datacenters can upgrade all their hypervisors at once, but there could be some companies that need to do them one at a time, which leaves them vulnerable.

There's no indication that hackers know about this flaw or have yet written software to take advantage of it. However, that doesn't mean much if companies don't get this fixed soon.

What can you do about this? If you have a website, call up your Web host and see if they've updated their VM or if they are running a VM program that isn't affected.

If your Web host is not familiar with the issue, you can let them know that the affected VMs include Xen, KVM and VirtualBox (the virtual floppy disk isn't on by default). VMs that aren't in trouble are VMware, Hyper-V and Bochs.

Another danger is that hackers could take over a website and put up malicious code that attacks flaws in your computer security. Make sure you keep your browser, plugins and operating system up to date to close potential flaws.

Source: ZDNet