Bigger than Heartbleed, 'Venom' security vulnerability threatens most datacenters — Parallax Forums

Ron Czapala Posts: 2,418
edited 2015-05-15 06:01 in General Discussion
http://www.zdnet.com/article/venom-security-flaw-millions-of-virtual-machines-datacenters/

http://www.zdnet.com/article/venom-the-anti-toxin-is-here/
Venom, as described by its discoverer, Crowdstrike, an end-point security company, works by attacking QEMU's virtual Floppy Disk Controller (FDC). The first thing many of you think when learning this is: "Who cares, I've never used a floppy drive on my virtual machine (VM)!"

...

All versions of Red Hat Enterprise Linux (RHEL), which includes QEMU, could be attacked. Red Hat recommend that administrators update their system using the commands, "yum update" or "yum update qemu-kvm." Once this is done, you must "power off" all VM guests for the update to take place. Restarting the guest operating system is not enough because it would still use the old QEMU binary.

Anyone running a Linux server with QEMU installed should follow Red Hat's general instructions. For example, on Debian and Ubuntu, update your system with the following commands:

sudo apt-get clean

sudo apt-get update

sudo apt-get upgrade

Power off your VMs, restart them, and you'll be safe.
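The quoted advice turns on one detail: a guest keeps executing the QEMU binary it was started with until its process exits. The host-side check below is an added example, not part of the original post or the ZDNet article; it assumes a Linux host where a replaced binary shows up as "(deleted)" in /proc/PID/exe, and the function names and PROC_ROOT variable are hypothetical. It reports only processes whose binary was replaced on disk and does not confirm that the installed package contains the fix.

```shell
#!/bin/sh
# Added example (not from the original post). Run as root on the
# virtualization host: other users' /proc/PID/exe links are unreadable otherwise.

# Print the guest name passed to QEMU with -name, if the command line has one.
# Under libvirt the value can look like "guest=web01,debug-threads=on".
guest_name() {
    [ -r "$1/cmdline" ] || return 0
    tr '\0' '\n' < "$1/cmdline" |
        awk 'prev == "-name" { print; exit } { prev = $0 }'
}

# List "PID guest-name" for every QEMU process whose executable was replaced
# on disk after the process started. The proc root is a parameter only so the
# logic can be exercised against a constructed directory tree.
stale_qemu() {
    proc_root="${1:-/proc}"
    for dir in "$proc_root"/[0-9]*; do
        [ -d "$dir" ] || continue
        # readlink fails for processes that exited or cannot be inspected
        exe=$(readlink "$dir/exe" 2>/dev/null) || continue
        case "$exe" in
            *qemu*" (deleted)")
                name=$(guest_name "$dir")
                echo "${dir##*/} ${name:-unknown}"
                ;;
        esac
    done
}

stale=$(stale_qemu "${PROC_ROOT:-/proc}")
if [ -n "$stale" ]; then
    echo "Guests still running the pre-update QEMU binary (power off, then start):"
    echo "$stale"
else
    echo "No QEMU process is running a replaced binary."
fi
```

An empty result after the update and a full power cycle of each guest means every running guest was started from the binary currently on disk.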

Comments

  • LoopyByteloose Posts: 12,537
    edited 2015-05-14 10:55
    I have always been wary of the VM approach to things. And I don't create unnecessary servers as they open the door to hackers.

    In any event, a quick peek via Synaptic package manager indicates I do NOT have QEMU installed
  • Heater. Posts: 21,230
    edited 2015-05-14 11:09
    You are wise to be wary of VMs and running services you don't need and probably aren't paying attention to.

    However, a Google or Amazon, or MS, or RedHat, RackSpace or a ton of others that want to sell space in the cloud for your servers like to put many VM instances on one machine. Thus maximizing revenue and utilization of hardware.

    What does "Bigger than heartbleed" mean? Like not much to worry about? Just an apt-get update and restart and life continues as normal.
  • mindrobots Posts: 6,506
    edited 2015-05-14 11:50
    I'm not a skeptic BUT this is the headline on Crowdstrike's web page....

    CrowdStrike Uncovers Vulnerability Affecting Millions of Virtual Machines Worldwide Learn More

    ..thank you for keeping us all safe, Crowdstrike. :D
  • Tor Posts: 2,010
    edited 2015-05-15 05:19
    Heater. wrote: »
    What does "Bigger than heartbleed" mean? Like not much to worry about? Just an apt-get update and restart and life continues as normal.
    Not entirely - the problem is that those of us who have servers somewhere in the cloud are at the mercy of a third party (the company running the servers where our VMs are). I can log in to my server and do apt-get update; apt-get upgrade as much as I wish (and I just did), but that doesn't help for this problem (if the VM provider happens to use one of those VM setups which are affected by this problem). The provider is the one who will have to do apt-get update; apt-get upgrade. *And* my VM will have to be restarted after that too.

    -Tor
  • Heater. Posts: 21,230
    edited 2015-05-15 05:42
    Quite so. That's why we use cloud services, so that they worry about it instead of us.

    Do we trust our cloud service providers to do a good job?

    Maybe, maybe not. As far as I can tell we are no less secure than having our company run such things itself :)
  • LoopyByteloose Posts: 12,537
    edited 2015-05-15 06:01
    I suppose that living abroad as a non-citizen in my resident country has made me more conservative than most. Added to that, I am just too lazy and too frugal to keep up with all the security threats.

    Recently, I got a new ASUS ZenFone with Android, and my first few months of ownership were all about removing features that are invasive. I just wanted to replace a worn out cell phone and have a Chinese-English dictionary app that would work well with the touch pad input.

    And so, I still like to retain a 'personal computer' approach to living and sharing information. The whole 'cloud computing' concept seems to be a huge government agency honey pot - where they may snoop anyone that participates.

    The big threat to one's identity and data security is accumulated clutter that evolves into a full-time job of managing data. If something really needs to be secure, put it down on paper and lock it away in a safe location.

    Of course, there are times when I do fool around with servers -- just for the fun of learning. In those cases, I have a completely spare desktop PC that is loaded with Linux. If the project becomes too unmanageable, I simply can reformat the hard disks and start over.

    A lot of money is being made on paranoia. People will always spend money to feel better. In some cases, that means giving them a big jolt of fear followed closely by a reasonable solution will empty their pockets. Above all, I really appreciate that Linux has allowed me to use computers without the fear mongering.

    We use doctors, police, governments, armies, insurance companies, and much more so that we don't have to worry about what might happen --- with varied success.