Welcome to Billy Law-Bregan
Reconnix is growing, and as a result, we’ve decided to hire more new staff. Our latest new member is Billy. We decided to expand our marketing department to take some of the load off Wes and ramp up our ability to generate interest in Reconnix and our services.
Billy joined us on the 26th September, and has really hit the ground running! We welcome Billy to the team, and look forward to working with him.
Danny the puppet master
Danny Roberts, a member of Reconnix’s operational team, has been very busy.
At Reconnix we use Puppet to maintain and build platforms for our various clients. As you can imagine these system are extremely precious, and require constant monitoring. We use Zabbix as a monitoring system to keep an eye on our platforms and lets us know if anything untoward is happening.
Both Zabbix and Puppet are OpenSource meaning that the code is made available for modification and contribution from other developers. This is where Danny comes in.
Danny has created his own puppet module (a shareable unit of puppet code) for managing both the Zabbix Server & Client. As of writing this, Danny’s module has had 48 downloads.
Danny’s actions epitomise the principles behind OpenSource technology and it’s great to have a member of the Reconnix team contributing back to the community. Thank you Danny!
More information on Danny’s puppet module is available for you to read and maybe download too!
Bash Back the Bullies
The Shellshock bug has reared its ugly head in the news, yet again. Alarmingly, the bug appears to be more serious than previously thought, according to the BBC. In fact, the security firm Rapid7 has rated Shellshock at a staggering 10/10 for severity due to both its low level of complexity and potential to do serious harm.
Shellshock, also known as the “Bash Bug”, concerns the command-line shell that is used in Linux and other Unix-like operating systems. So, websites and devices that are powered by these operating systems may well be vulnerable to attack.
What’s more, because of the nature of code development, the shellshock vulnerabilities are built in to a vast array of applications. In fact, Errata Security suggest that, “we’ll never be able to catalogue all the software out there that is vulnerable to the bash bug.”.
According to Cloudflare, two common forms of attack are reconnaissance and DDoS. A reconnaissance attack is when the attacker sends a command that, if the machine is vulnerable, will send a message to a third-party machine, which collates the data.
DDoS, on the other hand, is a much simpler attack. The attacker sends a multitude of commands telling the machine to sleep, rendering the machine unable to follow out legitimate commands.
Do not fret, though. Even though Shellshock is pretty severe, there are ways to prevent the attackers from accessing our machines. You can check the shell interpreters and Bash packages you are using. If they need patching, then it is essential that you patch them–even if some of the patches are incomplete. Moreover, set up defences around your web servers. According to ZDnet, if we don’t follow these procedures we could find our computers, “completely compromised.”.
However, that being said, according to ZDnet, all known security holes in Bash have been fixed. So, keep your patches updated, and keep the Bash attacks at bay.
If you enjoyed this, please leave a comment below. For the latest Reconnix news and updates about the world of OpenSource, don’t forget to follow us on Twitter.