Lately it seems there has been no shortage of critical vulnerabilities being discovered in commonly used software. In the past couple of weeks alone, Adobe has had to release patched versions of Flash to address a trio of publicized zero day vulnerabilities. While as a host that doesn’t really impact us directly, it should be a top priority for anyone browsing the web. The vast majority of end-user computer infections come from malicious content taking advantage of such vulnerabilities. These can often lead to your login information being compromised which certainly does become an issue for us. As always, please be sure you’re staying up-to-date with these Flash patches as well as those for your operating system, web browser, Java, etc.
We also now have GHOST to add to the recent list of big named vulnerabilities that include Heartbleed, Shellshock and POODLE. GHOST is a critical vulnerability in glibc which got its name because of its relation to the _gethostbyname function.
Researchers at Qualys discovered the bug dating back to 2000. This issue was patched back in 2013 but unfortunately at that time it was not deemed a security issue and thus many popular Linux distributions didn’t backport the fix. This left many distributions, including some of those from Red Hat, CentOS, Debian, and Ubuntu vulnerable. The fact that this vulnerability could be exploited remotely by an unauthenticated attacker, such as via the popular Exim MTA which cPanel uses, made it critical for immediate patching. Rest assured that we were monitoring the situation very closely and had all of our servers patched within an hour of it becoming available. Security is a top priority here at Dathorn and we’re always keeping an eye out for new concerns. Stay safe!