Since the announcement of the Shellshock Bash bug yesterday, there has been a lot of confusion about what this is and how it may impact people. At a high level, it impacts bash, which is a “shell” program for systems running some flavor of Unix, such as Linux. For those who are interested in the details, please visit the links in the reference section. In this post we want to discuss how Shellshock impacts different groups and what can be done:
The Heartbleed bug has been all over the media this week. It is generating so much buzz because of its potentially large impact. Many large websites have this vulnerability, so pretty much everyone needs to change some, if not all, of their passwords to minimize the impact.
Many websites have come out and said that they have seen no evidence of any access or data breach. However, according to Codenomicon, the organization that announced this vulnerability, an attack may not leave any trace. Therefore, consumers have been warned to change their passwords just to be on the safe side.
There are several lists (list 1 and list 2) out there that show which websites were affected, and which ones were not. I was glad to see that PayPal and my financial institutions were not impacted. However, I did see that Yahoo was affected, and likely Google (Google announced that there is no need to change the Google Account password, though many experts still recommend that you do so) as well. All internet users should check now to see if they need to change the password to any site that they log in to.
The new gTLDs (generic top-level domains) are now a reality, with the first batch of new gTLDs going live within the last week. There are 7 new gTLDs that are available on the web now:
How is the adoption so far? Out of the 7, .GURU appears to be the most interesting, so that’s the one I took a look at. As of today (February 5, 2014), there are 22 .GURU domains indexed by Google, 4 of which can be considered complete sites:
A new piece of malware targeting Mac computers has been found and given the name Dockster. Dockster is a backdoor malware that allows the attacker to compromise the victim’s computer by logging keystrokes and downloading files. It infects computers in the same way as the Flashback malware, which was first discovered in September 2011. This particular exploit was due to a vulnerability in Java, which Apple had issued a patch for in April 2012. Systems that have not been patched, however, are still vulnerable to this malware.
I have been following BOTW’s promotions this year, and the best I’ve found so far is 20% off. So, if you’ve been thinking about submitting to the BOTW directory, but have been hesitant because of the price, now is the time to act!
There’s a lot of discussion on the DNSChanger malware, with some articles using eye-catching headlines such as “malware may knock thousands off Internet on Monday.” I did some research on this topic and below are the facts around this malware.
What is DNSChanger
The DNSChanger malware was created in 2007. The affected computers had their DNS settings altered so that every time the computer accesses the internet, it uses the cybercriminal’s DNS server. The end result was that users would see unwanted ads, as well as being redirected to sites that were not their intended targets.
Over the weekend, reports surfaced about a new malware called Flame (some called it Flamer, and some others called it Skywiper). Within a short period of time, all top antivirus vendors, for example Symantec, Kaspersky, and McAfee, published information on this malware. So far, this virus has been found to affect Windows machines, and it has been detected mostly in the Middle East.
The details on this threat, despite the scrutiny, are not 100% clear. What is known is that it is 20 MB, a huge size for a threat. It is so large because it has many different modules. The sheer size means that it will likely take antivirus vendors a long time to fully analyze Flame.
Yesterday morning there were reports of computers going into a continuous rebooting cycle due to a glitch with McAfee’s antivirus software update. Apparently this only affected McAfee’s enterprise customers, and only on computers running Windows XP SP3. Even though the absolute number of computers affected does not appear to be large (McAfee’s own press release puts that number at 0.005% of all machines running McAfee), the story nevertheless made it to the front page of Digg, and Twitter was abuzz with anti-McAfee tweets. What’s worse, malware vendors have used this opportunity to spam search engine results, leading unsuspecting users to download viruses and trojans.