Stop, Drop, and Call your Web host – Ghost Linux Vulnerability

I hate being Chicken Little but this one sounds pretty critical:
Highly critical “Ghost” allowing code execution affects most Linux systems | Ars Technica

The vulnerability in the GNU C Library (glibc) represents a major Internet threat, in some ways comparable to the Heartbleed and Shellshock bugs that came to light last year. The bug, which is being dubbed “Ghost” by some researchers, has the common vulnerability and exposures designation of CVE-2015-0235. While a patch was issued two years ago, most Linux versions used in production systems remain unprotected at the moment. What’s more, patching systems requires core functions or the entire affected server to be rebooted, a requirement that may cause some systems to remain vulnerable for some time to come.

I have a VPS at LiquidWeb and when I reached out to them about my server this morning the patch had not been applied. They patched and rebooted the server for me. Here is what I sent them. I suggest you reach out to your web host or sysadmin as well:

Subject: Is this a concern? The vulnerability in the GNU C Library (glibc)
Message Body:
Hi,

I just read about the vulnerability in the GNU C Library (glibc) on this page:

http://arstechnica.com/security/2015/01/highly-critical-ghost-allowing-code-execution-affects-most-linux-systems/

Has the patch for this been applied to all LW servers? Besides this account I have a handful of client accounts and want to make sure all VPS and Shared servers are up to date.

Sincerely,
Roger
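
Once a host reports that glibc has been patched, one way to confirm that running services actually picked up the new library (the restart or reboot requirement mentioned in the Ars Technica excerpt above) is to look for processes that still map the replaced libc file. The script below is an added example, not part of the original post or of any vendor tooling; the function name `stale_libc_pids` and its optional directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: find processes still running the pre-update glibc.
#
# When a package update replaces libc on disk, processes started earlier keep
# the old file mapped, and the kernel marks that mapping "(deleted)" in
# /proc/PID/maps, for example:
#   7f1c2a000000-7f1c2a1b8000 r-xp 00000000 08:01 1315993 /lib/x86_64-linux-gnu/libc-2.15.so (deleted)
# Those processes stay exposed until they are restarted or the host is rebooted.

# stale_libc_pids [PROC_ROOT]
# Prints "PID COMM" for each process whose maps file shows a deleted libc.
# PROC_ROOT defaults to /proc; the argument exists so the function can be
# exercised against a constructed directory tree.
stale_libc_pids() {
    proc_root=${1:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        # Skip the unexpanded glob and processes that have already exited.
        [ -r "$maps" ] || continue
        # Match libc-2.15.so or libc.so.6, but not look-alikes such as libcap.
        if grep -Eq '/libc(-[0-9.]+)?\.so[^/ ]* \(deleted\)$' "$maps" 2>/dev/null; then
            dir=${maps%/maps}
            pid=${dir##*/}
            comm=$(cat "$dir/comm" 2>/dev/null || echo '?')
            printf '%s %s\n' "$pid" "$comm"
        fi
    done
}

# Scan the live system. Run as root to see processes owned by other users;
# unreadable entries are skipped silently.
stale_libc_pids
```

No output after a glibc update means every readable process has been restarted against the new library; any PID listed still needs a service restart or a reboot.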


Know people and know business – Simon Sinek Speech

Really good presentation from Simon Sinek a few years ago about how critical it is to understand and care about people if you want your business to thrive:

When I work with clients on their content marketing I tell them not to have a script. They need to speak unrehearsed about their business and how they can help clients. It's a connection thing. You have to care about the people you work with if you want them to continue working with you.

Take a moment the next time you are talking with a client and think about what you are saying and how you are saying it. Are you acting in self-interest to make the sale, or are you listening to what their problem is and really trying to fix it?

Thanks to Mike at Phonami for sharing this with me after we met at the Clio Conference this week.


#ClioCloud9 is next Monday!

Did you get your ticket yet? Based on the reminder email I got this morning I am pretty sure this conference is gonna rock it!

Clio is going to have some strong hands-on presentations about using Clio to make your law practice better – Clio 101

Still on the fence? Read about a few experiences from last year's #ClioCloud and why they are coming back for more – Three Clio Returnees

Worried about what to pack? The Clio team has put a good resource together here – What to pack for #ClioCloud9

See you in Chicago!

WordPress 4.0 is all about Content

The self-install version of WordPress released its latest update this week and the version number is 4.0. This release adds a lot of nice features for creating and managing content on the world's most popular website creation platform. Here is a nice short video introducing the new features. I like the update to the content creation page that will reduce scrolling, though it doesn’t seem to be working on my site just this moment. The media management update will be very handy as well:

Forget Akismet just add the GitHub Comment Blacklist

I am usually late to the party on a lot of the cutting edge things in WordPress. One thing I have used as a default for years is Akismet for managing spam comments on installations. It works very well but can be a hassle to set up and costs money if you are doing anything serious or businessy. Eventually I just ended up ignoring comments as the box just fills with spam comments.

Today I was poking around a new installation and noticed a Blacklist feature on /wp-admin/options-discussion.php.

Seeing this I thought: “Brain, why don't we just put a list of common spam terms into this list and be done with at least 60% of the spam we get in comments?” and I thought back: “That sounds great but I bet someone smarter already thought of this so let's check the Googles!”

Pleasantly, after searching for “good words for wordpress comment blacklist”, I clicked the first result: https://gist.github.com/splorp/1385930 which links to the useful result here: https://github.com/splorp/wordpress-comment-blacklist.

It sounds like enough people have checked this thing against Akismet and it cuts mustard. Happy hunting.