A bug has been discovered that could compromise “everything on the Internet”, according to reports that Google and security company Red Hat found a security flaw in the Internet's domain name system (DNS). The flaw, found in a universally used protocol, means that an attacker could use it to infect almost everything on the entire Internet, according to a report in International Business Times. The bug was also reported as 'widespread and dangerous' in Fortune Magazine.
Glibc bug: treasury management systems at risk?
These reports may sound slightly exaggerated, but if there's some truth in them, then the flaw in the widely-used code could be exploited by cyber criminals to allow them to get remote access to devices. This could lead to 'man-in-the-middle' attacks and could affect all types of programmed, connected devices, from computers, Internet routers or other connected pieces of equipment. Yes, that means treasury management systems too!
A more sober report on the security bug, from BBC news, said that the “mega bug” could “potentially affect hundreds of thousands of devices, apps and services.”
The problem affects the Linux operating system and is found in GNU C standard library (glibc) - a open-source library of code that is widely used in Internet-connected devices.
Patch available: take steps to mitigate the risk of an attack
Google engineers and Red Hat researchers have already created a patch and in the original Google online security blogpost announcing the problem, Google staff wrote: “If the vulnerability is detected, machine owners may wish to take steps to mitigate the risk of an attack.”
The irony of the story being reported by one news source under a headline saying “... DNS security flaw ... enables malware to infect entire internet”, appearing right next to a Microsoft advert praising “the promise of the Cloud”... may not be lost on readers.
Treasury's rush to the Cloud
And it's that little word 'Cloud' that may ring alarm bells for corporate treasurers. Cloud has become very much a buzz word in recent years, with companies increasingly moving their financial processes online and storing highly sensitive, suitably encrypted data on the Cloud. (Of course treasury's faithful attachment to the Excel spreadsheet hasn't gone away). Treasury management systems (TMSs) are becoming increasingly Cloud-based, meaning that the world's biggest corporates now have far more of their financial and payments data online than ever before. TMS providers reported a major move to Cloud-based systems in early 2015. Kyriba, Reval and new entrant Bloomberg TRM all now offer treasury systems on the Cloud.
The Cloud dichotomy
This just leaves the corporates treasurer or CFO to ponder the Cloud dichotomy: you're damned if you don't, but you're damed if you do. That is unless you ensure your systems are fixed with the latest patches and it seems likely that the glibc patch is one you shouldn't let under the radar.
Like this item? Get our Weekly Update newsletter. Subscribe today