Heartbleed, Eat Your Heart Out!
According to an article in El Reg last month, Jason Geffner, a senior security researcher with security firm CrowdStrike, discovered a vulnerability in virtual machines and has dubbed it VENOM, which stands for Virtualized Environment Neglected Operations Manipulation.
What Is VENOM, Exactly?
As mentioned, VENOM stands for “Virtualized Environment Neglected Operations Manipulation,” but what does that really mean? Basically, VENOM affects the QEMU virtualization hypervisor. An attacker can use it to crash a virtual machine connection or even as a launching point to get further into the system, which accounts for the “Virtualized Environment” part of the acronym.
El Reg wrote:
The bug is considered highly dangerous, because it affects not only systems running QEMU itself, but also other virtualization software that takes advantage of QEMU, including the widely used KVM and Xen open source hypervisors. The affected software will be vulnerable regardless of what operating system it is running on, because QEMU is built from the same code base for all platforms, including Linux, OS X, Windows, and others.
Should You Be Worried?
If you’re running Bochs, Microsoft Hyper-V, or VMware, you’re going to be fine. In fact, as long as you’re not using something based on QEMU, you should be okay. At least for now. One of the notable things about this vulnerability (besides it being dangerous) is that it’s been around for over a decade now.
The actual part of the code that is vulnerable has to do with mounting a virtual floppy drive. Yep, I said floppy drive. Ah, how time flies online, right? In any case, the virtual floppy disk controller can do some serious damage if not plugged. You might be saying that no one even uses this technology anymore, and you’d be right, but by default QEMU loads it no matter what. Nice, right? (This is the “Neglected Operations Manipulation” part of VENOM.)
What’s really disturbing is that QEMU with the vulnerable floppy controller setting was being used by at least one cloud service provider – namely, Rackspace. Amazon Web Services and Microsoft’s Azure Cloud were both unaffected. And Rackspace told El Reg they “…have applied the appropriate patch to our infrastructure and are working with customers to fully remediate this vulnerability.”
Will Vulnerabilities Ever Cease?!
Well, no. And they may become increasingly common in the future. Remember our talk about the so-called Smart Grid not being very secure? Well, that’s some serious stuff. As the world continues to become more connected, attacks against the infrastructure and individual nodes will continue – not to mention attempts to get into home computers.
Since it’s not going to end, if you spend any amount of time online, you’re going to want to make sure you take steps to protect yourself. This means keeping your software updated, using SSL / TLS, and more. Another good idea is to look toward potential security threats in the future. While parts of the Patriot Act expired, it doesn’t mean people aren’t watching you online.
What’s /. Have to Say About the Matter?
Here are a few Slashdot (/.) comments:
- How Much Time? (Funny)
- Not Very Serious? (Informative + Snarky)
- Open Source Branding Problems (Interesting)
The SSL Takeaway
As mentioned above, security vulnerabilities are going to be with us for a while. Well, at least until the singularity arrives and rebuilds our communications from the ground up or maybe middle-out à la Silicon Valley. In any case, for now, we all have a responsibility to help make the web as secure as possible for both us and future generations.
Have any thoughts on VENOM, Heartbleed or vulnerabilities in general? Leave a comment below and let us know your opinion!