Threats 101
Ryan Harnedy
Apr 2016

Badlock 101: Skip the Hype and Patch the Bug

Photo by Source

badlock_logo_black.jpg

What is Badlock?

Badlock is a bug that affects Windows Active Directory\File Sharing and the Open Source Samba implementation, which is a free software that allows Linux, Unix, and Mac operating systems to send and share files with Windows devices. It’s also very common for Samba to be utilized in printers, gaming systems, and even smart appliances like TVs.

The bug could allow hackers to to execute a “Man in the Middle” or DDOS attack, giving them illegal access to the computer or device and the network it’s attached to.

You can check out the CVE for Badlock here: https://www.samba.org/samba/security/CVE-2016-2118.html

Why all the hype?

Samba is widely used and is standard on almost all distributions of Linux. It’s one of the most common ways for a Windows computer to share information with other machines (including non-Windows computers). Theoretically, if someone can access your Samba connection they can access your computer, illegally access your user account, and gain access to other devices and services on your network.

That said, much of the hype built up around Badlock has been in response to the way it was announced. The discoverers of the bug, German company SerNet, issued a PR campaign, a dedicated website, and even a logo for Badlock, announcing full details and patches would be released in three weeks time (details were disclosed on April 12, 2016).

It’s worth noting the considerable effort involved in issuing patches across Windows workstations, Linux, and OSX, not to mention the sea of embedded products that leverage Samba like printers, routers, Roku boxes, and even phones via third party apps. Three weeks isn’t an unreasonable timeframe to make sure all that is coordinated. 

Even still, critics responded by calling the campaign a PR stunt and accusing SerNet of effectively giving hackers three weeks to uncover the flaws and develop exploits before patches could be released.

Who is affected?

While everyone with a Samba connection is theoretically vulnerable it’s important to remember that, unless your Samba connection connects to the Internet, attacks can only be perpetrated by people who are directly connected to the same network. However this is something think about if you’re an enterprise or work off of a larger network.

What you need to do?

Patch it. Most vendors will be pushing out patches over the next few days, so if you get a notification to install or update Samba be sure to do so as quickly as possible. Other than that, try to limit your Samba connection’s Internet access and be on the lookout for any suspicious activity on your network.

Badlock.org also has some recommendations for how to mitigate MITM and DDOS attacks while you’re waiting for the patch to be pushed out.

Ryan Harnedy

Ryan Harnedy

Ryan writes about how to make cybersecurity make sense to end users and keep employees safe from ransomware, malware, and phishing attacks. He enjoys decoding buzzwords and sharing security tips that users might actually follow.

lock-white.png

Close the gaps in your security

Stop paying for AV, get the strongest protection instead. See how Barkly blocks attacks that are getting past AV.

See a demo

Comments

Stay informed!

Get the latest security news, tips, and trends straight to your inbox.