Software

Google and Red Hat Found a Dangerous, Widespread Bug

Google and Red Hat Found a Dangerous, Widespread Bug
Image credit: Pexels
3 min read
This story originally appeared on Fortune Magazine

Engineers at Google and Red Hat independently found an egregious bug in very widely-distributed computer code library known as “glibc”.

The bug, which dates back to 2008, affects hundreds of thousands of devices and programs that use software derived from the GNU free-software project. The products, which range from servers to routers to Internet-of-things devices, are vulnerable when they try to use a certain function to translate web addresses into their underlying, numerical IP addresses.

If an attacker controls the web server or domain name the victim is trying to communicate with, or if someone is intercepting the communications between the victim’s device and the server or domain name, it’s possible to make the victim’s computer crash -- or, with some effort, to even insert malicious code in that machine.

Computers running Windows or Mac OS X or iOS or Android should not be affected.

Google explained in a blog post that one of its engineers had discovered the bug when she found a problem with software she was using for remotely controlling a computer. It turned out that two Red Hat employees were also examining the bug’s impact.

Google released a piece of code that proves the vulnerability can crash a victim’s computer. It said it has also developed a proof-of-concept for remotely running code on the victim’s machine, but it’s not releasing that publicly, for obvious reasons.

There is now a patch for the bug, and server administrators should definitely be installing that right away. People using Linux versions such as Canonical’s Ubuntu should be moving quickly to protect themselves.

Given the severity of the bug, there are now at least two points worth considering.

Firstly, as Google Chrome security engineer Chris Palmer pointed out, the episode highlights the fact that free-software projects don’t always fix their bugs in a timely manner -- it turned out someone first raised this bug last July.

Secondly, we can probably expect to see servers and such get patched quickly, but devices with embedded software -- routers and Internet-of-things devices, for example -- don’t typically get updated very often, if at all. Internet-of-things manufacturers in particular have a legendarily lax attitude to security.

If a computer doesn’t have a screen attached to it, people tend to forget that it’s a computer and needs regular care and attention. In cases like this, that’s a problem.

More from Entrepreneur

Terry's digital marketing expertise can help you with campaign planning, execution and optimization and best practices for content marketing.
Book Your Session

In as little as seven months, the Entrepreneur Authors program will turn your ideas and expertise into a professionally presented book.
Apply Now

Are paying too much for business insurance? Do you have critical gaps in your coverage? Trust Entrepreneur to help you find out.
Get Your Quote Now

Latest on Entrepreneur

My Queue

There are no Videos in your queue.

Click on the Add to next to any video to save to your queue.

There are no Articles in your queue.

Click on the Add to next to any article to save to your queue.

There are no Podcasts in your queue.

Click on the Add to next to any podcast episode to save to your queue.

You're not following any authors.

Click the Follow button on any author page to keep up with the latest content from your favorite authors.