Reigning Security Exploits of 2014

Come On People

Until recently, I wasn’t aware that I’m one of the few who consistently maintains an updated computer. I thought it was a no-brainer. You’re notified by Windows Update or the App Store and after clicking some variation of ‘Update,’ TA-DA! You’re done!

It really couldn’t get any easier, right? If you take into account the period of time the computer itself is unusable, maybe you’ll find an argument against updating somewhere. But really, who can’t find 20 minutes every 3-4 months to, at the very least, install updates to the core OS and maybe even some major apps?

I can’t say for sure, but probably the majority of young people. It’s astonishing how many college students will go a year or more without so much as one update. If this were 2001, that attitude wouldn’t pose a problem. Unfortunately, it looks like we’re on the brink of a cybercrime wave the magnitude of which is reasonably unknown.

Protect Yourself

If there’s one single reason you should consistently update your personal computer, it’s the previous statement. At this point, almost everyone is aware of the wave of breaches in credit-card information databases at massive retailers like Target or The Home Depot. What most ignore, especially those that grew up with technology, is the danger posed to individuals in addition to multi-billion dollar companies.

90% of core system updates patch critical security flaws. The number of major security exploits has grown steadily in the past year alone and will probably only increase for as long as we live. Here I’ve listed the two crown jewels of 2014. If you haven’t heard of them, there’s a good chance you might benefit from a quick update or two.

1. Heartbleed


“The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.”

Hopefully you learned about Heartbleed when it made the news earlier this year. It was the first real security exploit that affected nearly everyone who used the internet and caused quite a disturbance in the days before it was patched.

If it’s been more than six months since you’ve installed updates, it’s highly likely that you’ve missed a multitude of patches from manufacturers correcting for the exploit in their respective programs.

Even though you may feel you aren’t of interest to a ‘hacker,’ wouldn’t you rather not find out?

heartbleed.com

2. Shellshock

Shellshock is a more recent exploit that’s rumored to pose a far larger threat than Heartbleed. I neglected looking into the details of the exploit this time around and opted to just look into the status of a patch for my OS. Multiple updates were already being released as early as the very next day. Here’s an excerpt from Symantec:

“The vulnerability affects Bash, a common component known as a shell that appears in many versions of Linux and Unix. Bash acts as a command language interpreter. In other words, it allows the user to type commands into a simple text-based window, which the operating system will then run.

Bash can also be used to run commands passed to it by applications and it is this feature that the vulnerability affects. One type of command that can be sent to Bash allows environment variables to be set. Environment variables are dynamic, named values that affect the way processes are run on a computer. The vulnerability lies in the fact that an attacker can tack-on malicious code to the environment variable, which will run once the variable is received.”

ShellShock: All you need to know about the Bash Bug vulnerability

You can see why this exploit has the potential to wreak far more havoc than Heartbleed. You’re definitely at risk if you own a Mac and haven’t updated in a few months as several patches were released shortly after its discovery.
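
To see whether the Bash on your own machine still has this flaw, here is a small local check, added as an example and not taken from Symantec or this post's sources. It hands Bash an environment variable shaped like the one described above, with a harmless echo tacked on; the function names and the list of paths are assumptions.

```shell
#!/bin/sh
# Added example: local self-check for the Shellshock behaviour.
# check_bash and scan_common_paths are hypothetical helper names.

# Prints "vulnerable", "patched" or "not-found" for one bash binary.
check_bash() {
    bash_path=${1:-$(command -v bash 2>/dev/null || true)}
    if [ -z "$bash_path" ] || [ ! -x "$bash_path" ]; then
        echo "not-found"
        return 2
    fi
    # Unique marker so ordinary output cannot be mistaken for a hit.
    marker="SHELLSHOCK_PROBE_$$"
    # The variable looks like a function definition with an extra command
    # tacked on. An unpatched bash runs that extra command while reading
    # the variable at startup; a patched bash treats it as plain text.
    out=$(env probe="() { :;}; echo $marker" "$bash_path" -c ':' 2>/dev/null) || true
    case "$out" in
        *"$marker"*) echo "vulnerable"; return 1 ;;
        *)           echo "patched";    return 0 ;;
    esac
}

# A Mac can have more than one bash (the system copy plus one installed
# by a package manager), so test each copy found. Path list is an assumption.
scan_common_paths() {
    for p in /bin/bash /usr/bin/bash /usr/local/bin/bash /opt/homebrew/bin/bash; do
        [ -x "$p" ] && printf '%s: %s\n' "$p" "$(check_bash "$p")"
    done
    return 0
}
```

Run `scan_common_paths` after sourcing the file; any line ending in `vulnerable` means that copy of Bash has not received the update.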

Your Task

The severity of exploits like those mentioned isn’t going to get better anytime soon. It’s easy to get caught in the mentality of ‘my computer runs great, why would I update it?’ Even if it does “run great,” I can hardly imagine that you’d enjoy it not doing just that.

Hopefully this struck a chord and sounds like something you wouldn’t enjoy. Take a few minutes every week and install the one or two available updates; sometimes it’s even fewer. The intimidation that comes with a year’s worth of neglected updates is eliminated. Not to mention the time commitment virtually disappears as well.

Keeping a computer up to date is the only part an owner can play in preventing harmful circumstances from befalling himself and his computer. Education and subsequent action to protect yourself will always prove more time- and cost-efficient in the long run.
