Tackle the GHOST bug before it spooks your systems says Simon Wilcox, MD of managed services hosting company Digital Craftsmen.
Vulnerability specialists at Digital Craftsmen, the London-based bespoke hosting company, have been hard at work combating computer bug GHOST since its disclosure on Jan 27th 2015.
Hackers are using the bug to wrest complete control of systems. All GNU/Linux servers are vulnerable, as the affected ‘target’ code is used in so many Linux applications.
“Fighting GHOST — a potentially very serious bug — isn’t something you can automate,” commented Wilcox. “Nor should you leave to internal IT staff or developers with other roles and responsibilities. You need specialist resources looking after your internet-facing servers.”
Digital Craftsmen’s hosting team members are hardened veterans of battles against bugs such as Poodle and Heartbleed, and have been quick to repel the hackers.
“We’ve been working to mitigate the problem since the initial disclosure,” continued Wilcox. “Our team has carried out threat assessments for each of our clients and taken appropriate action to secure their servers.”
GHOST targets vulnerability in Linux servers’ ‘glibc’ package. Multiple programmes use these packages, which share common code libraries, giving hackers numerous ways to compromise a target server.
“These kind of problems don’t fix themselves,” added Wilcox. “Malevolent hackers exploit these bugs and it takes a real person to neutralise them. Hosting, after all, is about humans not machines.”