You can be on Entrepreneur’s cover!

Google and Red Hat Found a Dangerous, Widespread Bug The bug, which dates back to 2008, affects hundreds of thousands of devices and programs that use software derived from the GNU free-software project.

By David Meyer

entrepreneur daily

This story originally appeared on Fortune Magazine

Pexels

Engineers at Google and Red Hat independently found an egregious bug in very widely-distributed computer code library known as "glibc".

The bug, which dates back to 2008, affects hundreds of thousands of devices and programs that use software derived from the GNU free-software project. The products, which range from servers to routers to Internet-of-things devices, are vulnerable when they try to use a certain function to translate web addresses into their underlying, numerical IP addresses.

If an attacker controls the web server or domain name the victim is trying to communicate with, or if someone is intercepting the communications between the victim's device and the server or domain name, it's possible to make the victim's computer crash -- or, with some effort, to even insert malicious code in that machine.

Computers running Windows or Mac OS X or iOS or Android should not be affected.

Google explained in a blog post that one of its engineers had discovered the bug when she found a problem with software she was using for remotely controlling a computer. It turned out that two Red Hat employees were also examining the bug's impact.

Google released a piece of code that proves the vulnerability can crash a victim's computer. It said it has also developed a proof-of-concept for remotely running code on the victim's machine, but it's not releasing that publicly, for obvious reasons.

There is now a patch for the bug, and server administrators should definitely be installing that right away. People using Linux versions such as Canonical's Ubuntu should be moving quickly to protect themselves.

Given the severity of the bug, there are now at least two points worth considering.

Firstly, as Google Chrome security engineer Chris Palmer pointed out, the episode highlights the fact that free-software projects don't always fix their bugs in a timely manner -- it turned out someone first raised this bug last July.

Secondly, we can probably expect to see servers and such get patched quickly, but devices with embedded software -- routers and Internet-of-things devices, for example -- don't typically get updated very often, if at all. Internet-of-things manufacturers in particular have a legendarily lax attitude to security.

If a computer doesn't have a screen attached to it, people tend to forget that it's a computer and needs regular care and attention. In cases like this, that's a problem.

David Meyer is a writer based in Berlin.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Editor's Pick

Business News

From Tom Brady to Kevin O'Leary – See Who Lost Big in the Wake of the FTX Crypto Collapse

The crash exposed an $8 billion hole in FTX's accounts, leaving investors and customers scrambling to recoup their funds.

Business News

This Highly-Debated Piece of Cinematic History Just Sold For Over $700,000 at Auction

The wood panel from "Titanic" is often mistaken as a door. Either way, he couldn't have fit. (Sorry.)

Fundraising

Avoid These 9 Pitch Deck Mistakes When Asking Others For Money

Crafting an efficient pitch deck requires serious effort, but at least it's not wandering in the dark since certain rules are shaped by decades of relationships between startups and investors.

Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.