February Security Brief: Ghost vulnerability – What is it?

Ghost Vulnerability sounds like the name of a Tom Cruise “Mission Impossible” movie. Wait, I believe that was “Ghost Protocol.” Anyway, the latest problem in the cyber world was discovered by Qualys, an internet security firm, who found the problem during a code audit. The problem being is that there is a glitch in Linux, which is a very commonly used operating system. Google, Facebook, and most everything on the internet runs on Linux. It’s basically the first piece of programming software used to actually turn your computer on, and get it running. So within this system, the glitch they found or “ghost” could actually allow a hacker to take remote control of your system after just sending a simple malicious email. Thus all your personal information, passwords, pictures, and financial records could be at risk. That’s just to name a few things that a hacker would love to come across.

This “poltergeist” of the computing world first appeared in 2000 but was fixed in May of 2013 and not deemed a further threat. Or so they thought until now. “Ghost” comes from the problems with the GetHOST function. Qualys was able to prove the existence of the ghost by sending a specially created email to an Exim mail server known to be running the vulnerable version, and they were able to get full control of the system in question. So the question is what do you do if you think you have a computer with this uninvited visitor? If you have a Linux-based system, including home firewalls, and routers you should check with your vendor, or the maker of your distribution to see if you need a patch. Get it, and apply the patch as soon as you can to prevent any tampering with your system. Don’t forget as well to reboot your entire system after you have applied the patch. Then you should be safe from this troublesome ghost.


CEO, Author of the #1 Risk to Small Businesses

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}