Check out the most "terrible" Linux vulnerabilities in 2014!

Source: Internet
Author: User

With the rapid development of cloud computing technology, users store their data in the cloud, and many applications on cloud platforms have become important. At the same time, the continuing development and application of the "software-defined everything" concept has led to a growing demand for software applications.

How to ensure security checks against the most critical "cloud vulnerabilities" for users

For enterprises, many key businesses depend on enterprise software. If the software used by an enterprise has a critical vulnerability, it will cause incalculable losses to the enterprise. In this article, we look at the most serious enterprise software vulnerabilities of the past year.

Heartbleed

The "Heartbleed" vulnerability was first disclosed last April. It allows hackers to directly attack any server using OpenSSL. It not only breaks encrypted data but also allows random data to be read from memory, affecting about 2/3 of servers across the network.

In addition, it allows hackers to directly steal user passwords, private keys, and other sensitive data. Even after Heartbleed is fixed, users need to change their passwords on a large scale.

To date, many servers have still not been repaired. According to statistics, 0.3 million network devices have not had patches installed, including network cameras, printers, storage servers, routers, and firewalls.

Shellshock

Shellshock had been present in the Unix "bash" feature for two years without ever being publicly discovered. Linux or Mac servers that include the shell tool may be affected.

Last September, when the vulnerability was discovered, thousands of computers were infected with malware and used for botnet attacks. In addition, the initial patch was soon found to have its own vulnerabilities. Robert David Graham, the first security researcher to find this vulnerability, said it is more serious than Heartbleed.

POODLE

Six months after Heartbleed attacked encryption servers around the world, a group of Google researchers discovered another encryption vulnerability that could attack devices connected to the other end of the server: computers and phones.

This vulnerability in SSL 3.0 allows hackers to attack users' phones and intercept all data encrypted between users' computers and online services. Unlike Heartbleed, a hacker who wants to exploit the POODLE vulnerability must be on the same network as the target. This vulnerability mainly threatens users of open Wi-Fi networks.
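Because POODLE lives in SSL 3.0 itself, the practical server-side check is whether that protocol version is still enabled. The following Python script is an added example, not part of the original article: it audits nginx `ssl_protocols` and Apache `SSLProtocol` directives for SSL 3.0. The sample configurations are constructed, and expanding Apache's `all` to include SSLv3 is a conservative assumption that holds for older builds.

```python
import re

# Matches nginx `ssl_protocols ...;` and Apache `SSLProtocol ...` (comment lines do not match).
DIRECTIVE = re.compile(r"^\s*(ssl_protocols|SSLProtocol)\s+([^;#]+)", re.I)
# Assumption: Apache's `all` is expanded to include SSLv3 (true of older builds; the safe reading).
APACHE_ALL = {"sslv3", "tlsv1", "tlsv1.1", "tlsv1.2", "tlsv1.3"}

def sslv3_enabled(config_text):
    """True/False if the last protocol directive decides SSL 3.0; None if none is set."""
    verdict = None
    for line in config_text.splitlines():
        m = DIRECTIVE.match(line)
        if not m:
            continue
        tokens = m.group(2).lower().split()
        if m.group(1).lower() == "ssl_protocols":
            verdict = "sslv3" in tokens          # nginx: plain allow-list
            continue
        enabled = set()                          # Apache: +/- modify, bare token replaces
        for tok in tokens:
            sign, proto = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
            protos = APACHE_ALL if proto == "all" else {proto}
            if sign == "-":
                enabled -= protos
            elif sign == "+":
                enabled |= protos
            else:
                enabled = set(protos)
        verdict = "sslv3" in enabled
    return verdict

def audit(configs):
    """Names needing attention: SSL 3.0 enabled, or left to the build default (None)."""
    return sorted(name for name, text in configs.items() if sslv3_enabled(text) is not False)

# Constructed sample configurations, not taken from the article.
SAMPLE_CONFIGS = {
    "nginx-legacy.conf": "listen 443 ssl;\nssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;",
    "nginx-hardened.conf": "listen 443 ssl;\n# ssl_protocols SSLv3;\nssl_protocols TLSv1.2 TLSv1.3;",
    "apache-legacy.conf": "SSLEngine on\nSSLProtocol all -SSLv2",
    "apache-hardened.conf": "SSLEngine on\nSSLProtocol all -SSLv2 -SSLv3",
    "nginx-default.conf": "listen 443 ssl;",
}

if __name__ == "__main__":
    for name in audit(SAMPLE_CONFIGS):
        print(name, "-> SSL 3.0 enabled or not explicitly disabled")
```

A `None` result means no directive was found, so the effective protocol list depends on the server build's default and needs a manual check.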

BadUSB

The most sinister vulnerability found in 2014 has nothing to do with a flaw in software code, which makes it almost impossible to fix. It was BadUSB, which made its first appearance at the Black Hat conference in December and put USB security into a crisis of trust.

Since the memory chip can be overwritten, hackers can use malware to infect the USB controller chip, where it cannot be found by the usual scans. For example, a thumb drive may contain imperceptible malware and steal user commands.

Only about half of USB chips are rewritable and therefore open to a BadUSB attack. However, USB manufacturers frequently change suppliers, so it is almost impossible to know which devices are vulnerable to BadUSB attacks. The only solution is to treat a USB device like a "syringe": never share it or insert it into an untrusted device.
