Image via Shutterstock
You may have heard about the most recent security issue facing computing: the “Venom vulnerability.” Venom is the name of the new security issue that impacts some data centers, and could be exploited by hackers to access the data of millions of end users.
The 30,000 ft. View of Data Centers
Most data centers employ “virtual machines” to store your data. Typically they’ll take a physical server and instead of devoting that machine to just you and your data, they “virtualize” it. What this means is that they divide the server’s resources, storage, etc. into many different isolated environments. Initially, this can save you some money because instead of having to pay the upfront cost of a dedicated server, you are sharing space with several other companies for a monthly fee. Even though your data may be on the same physical server as a dozen other businesses, you typically can’t access any data on the server that isn’t yours. Your data center or cloud provider has systems in place that you rely on to ensure no one can access your data, either. Unfortunately, Venom exploits a fairly old technology still used by many data centers and runs right past all those “protective” systems.
How It Works: The Non-geek Edition
For a hacker to exploit this vulnerability, the first thing they need to do is gain access to a user’s login credentials. This can be accomplished by breaking into a public network, like a hotel’s WiFi, and stealing login information from a dedicated employee who happens to be logging in while traveling. Using the Venom vulnerability they can break out of that initial virtual machine and access other data and servers in the network. It appears that by using Venom, a skilled attacker can essentially access any part of the data center at an administrator’s level.
The Good News
First things first, your EDC data is not at risk. We do not use any of the affected technology in any of our servers, any of the servers we provide, or any of the virtual machines we configure. If you are using an EDC provided server, and it is being housed at a data center, it will also not be impacted by this vulnerability.
At time of publication, no one has any proof that hackers have utilized the Venom vulnerability, and the majority of impacted virtualization products have been patched to prevent this from occurring.
The Not-So-Good News
If other parts of your company’s technology infrastructure is on the cloud or at a data center, your IT department should double check that every step has been taken to fill those gaps in security. These types of vulnerabilities, while uncommon, are not unheard of in cloud computing. Symantec released research last month on how rookie hackers could access clouded files very easily. Dan Kaminsky, one of the nation’s top security researchers, suggests in a conversation with Fortune that the best way to avoid this issue is to have your own server. This ensures that your data is always isolated from other companies and potential hackers.
As always, let us know if you have any questions or suggestions by commenting below or emailing firstname.lastname@example.org.