You may have seen the news about a Linux vulnerability branded ‘Dirty COW’, which affects many Linux servers. An overview of the vulnerability is below and what you need to do.
What is Dirty COW?
Dirty COW is a new Linux vulnerability referred to technically as CVE-2016-5195. The name came from the fact that it exploits a mechanism called ‘copy-on-write’ and is known as a privilege escalation bug. This means that if attackers manage to get a foot inside your system they can then use Dirty COW to take total control, so it’s crucial to protect yourself. The bug has only recently came to fruition but has been around for nine years – which means it’s likely that many Linux servers have been affected.
What do you need to do?
Install the latest Linux patches available on your Linux web server. Speak to your web hosting company to get this updated. Clients hosting with us, our web servers have been patched as soon as the vulnerability was made public.
We strongly recommend running a manual server check if an automatic patch isn’t available to you. If you have any questions regarding the vulnerability or your solution please contact me and I can talk you through the solution.
For those interested in the more technical details behind the exploit, read all about Dirty COW.
Unless you have been living in a cave over these last couple of weeks, you’ll probably have heard about the cyberattack that broke the internet for a few hours on several occasions. So what actually happened? It all starts with the DNS.
DNS stands for Domain Name System, in non-technical terms this is the technology that turns www.contradodigital.com into the servers IP address where your website files are hosted, for example, 18.104.22.168. There are many providers of DNS technology in use on the internet, with many providers using managed services of larger companies who have invested millions in the underlying hardware and infrastructure which enables the internet to work seamlessly. One of these companies providing DNS is called Dyn and here is where the cyberattack happened.
When the attack was happening, internet users in the following areas highlighted in the image below were unable to access many popular websites including websites like Twitter, SoundCloud, Spotify, Shopify and many more.
Image source: http://thehackernews.com/2016/10/dyn-dns-ddos.html
This is a significant part of the US and UK when customers and businesses could not access websites, meaning a significant drop in ecommerce sales for many organisations and a huge drop in productivity for those companies working in digital. For a system as large as the internet, which has been build with redundancy in mind, an attack of this scale is one of the worst we have seen to date and the seriousness of this means that businesses need to really step up in their cyber security efforts both large and small.
To read up more about the specifics of what a DDoS attack is and how this all happened, visit the Dyn website who have provided a write up on what happened.
Ultimately this attack was caused by hackers exploiting internet connected smart devices such as web cams and the likes. With the enormous rise in smart and internet connected devices available on the consumer market now, it is devices like this which are being exploited by hackers. When the software has been designed badly or built with un-updatable code or has been built with security holes in the code, it is this what is being exploited. Specifically using the Mirai software.
Distributed Denial of Service attacks are notoriously difficult to protect against, particularly on this scale with over 300,000 devices attacking a system. This is on the macro scale though and this really does just go to show that no matter how big you are attacks can happen to anyone. The even more worrying aspect is that this code has now been released open source so that the code is available to anyone wanting to exploit the same loophole.
The reality is that smaller and medium sized businesses are never reported on in the news. We deal with several hacked websites per month when businesses have failed to protect their self against cyberattacks. As a business owner you need to take cybersecurity seriously, and that means more than simply installing an antivirus and firewall on your laptops.
Picture this. You own a hotel. Imagine every door, windows, emergency exit and air vents into the building are ways of an attacker getting in. Not imagine your antivirus and firewall are your receptionists, blocking unwanted visitors in the building by locking the front door. Now imagine that all of the other doors, windows and vents in the entire building are left wide open for attackers to exploit. This is the reality that most businesses are dealing with without even realising. The software equivalent of this is that websites and web servers run outdated code, aren’t updated and active add security holes through using inefficient technologies and people to build systems. I cannot stress this enough, take cyber security seriously before you become the next victim. Sticking your head in the sand thinking that you will be fine will ultimately result in your business becoming the next headline. Be proactive.
Take advantage of our Free Digital Disaster Recovery Audit and test yourself on our Digital Evolution Score Card to see how advanced you are as an organisation and hence capable of dealing with problems. Better still, get in touch and we’ll talk you through the various options available for protecting your business, website and digital assets from cyberattacks.
Click “Update Preferences” at the bottom of this email.
You’ve been receiving email newsletters from us for some time now which is great to see you enjoying them so much. We’ve a lot more content on the website that we tend not to email out to most people as it would be information overload or far too technical.
That’s why we’ve just built the capability for those of you interested in more regular or technical content to subscribe to these newsletters alongside the main one so you can receive useful updates should you wish.
We’ve had the Digital Pulse for quite some time which is a group of updates from official sources in the digital world to keep you updated every single day. For those of you who view this on a regular basis, you’ll be well aware of how fast the digital world changes and most importantly, what you need to be doing about these changes.
For those of you who don’t have the time to visit the Digital Pulse daily, then you’ll often miss the important updates that are being announced. That’s why you can now subscribe to the Digital Pulse newsletter too.
Simply click the “Update Preferences” link at the bottom of this email and you can update your profile to receive daily updates about what has happened in the digital world over the last 24 hours that you need to be aware of.
The majority of this news is non-technical which is great. There may be a few technical bits thrown in here too now and again, but it’s mainly understandable designed for everyone to read.
For those of you who are more technical who are subscribed to the newsletter you can now subscribe to our Developer Blog too which is a place where we get really technical about how to implement certain aspects of digital technologies or share results of tests we’ve been doing and what we’ve been experimenting with recently. This is all the content that is cutting edge that can help you implement similar items within your own organisation.
Simply click the “Update Preferences” link at the bottom of this email and you can update your profile to receive monthly updates about we’ve been up to with lots of helpful tips and guides along the way.
As we’ve automated our entire email marketing platform now, this frees up a significant amount of time every month so we can continue to bring you more exciting news, updates and relevant information that is happening in the world of digital. Stay tuned for more exciting news! You’ll also be glad to know that the updates will be much more regular now too as we never have to remember to send you an email newsletter, it happens automatically.
If you aren’t interested in getting deep involved with digital or you are putting your head in the sand about how the world is changing, unsubscribe now as you will be receiving more emails about what you need to be doing. You can either adapt to these changes or ignore them and hope they go away. They won’t go away. The world is changing at such a fast pace today that we’re stepping up the communication to share with you all of the core changes that you need to be aware of and what you need to be planning for.
And if you’re interested in how we did all of this in the background and how you can do this yourself, take a look at how you too can automate your email marketing campaigns with WordPress and MailChimp.
Something which has been on our own to-do list for far too long than I’d care to admit, we’ve finally got around to automating our email marketing campaigns. Firstly, if you aren’t on our mailing list yet, why, it’s awesome and we share some amazing content like this you’re reading now. Secondly, get signed up at the bottom of this page by entering in your email address.
Now let’s look at what we’ve recently got set up and how we’ve automated our entire email marketing campaigns so we can spend more time focusing on writing great content, running events and training courses and generally connecting with businesses and people much more efficiently. Why spend time doing something manually if you don’t need to, right?
What’s Wrong with Manually Sending Email Marketing Campaigns?
Ok, so let’s quickly cover this one. Firstly, if you are sending email marketing campaigns through something like Outlook, you are doing it all wrong. Head over to our Really Simple Guide to Email Marketing to understand why.
Now, we’re assuming you’re using an email marketing tool such as MailChimp. And do you know what, sending email marketing campaigns manually is absolutely fine. There is nothing wrong with doing this at all. But. If you are sending email marketing campaigns manually to share content such as Blog Posts or Events that you are running, you are wasting time doing this manually when you could automate the entire process. It’s all about saving time so you can be more productive in what you are doing.
So let’s look at how you can automate your email marketing campaigns with WordPress and MailChimp.
WordPress RSS Feeds
If you didn’t already know, virtually every type of content on your WordPress website has an automatically generated RSS Feed URL that can be accessed when you know where you are looking. Take a look through the WordPress RSS Feeds List for information on where to look.
For example, here is our main Blog’s RSS Feed URL if you want to take a look what this looks like;
Find the relevant RSS feed that you want to use to send email marketing campaigns to your audience as you’ll need this shortly.
Within MailChimp you can segment your Lists into different Groups based on what people have subscribed to. There are many way of organising your MailChimp subscribers, so we’re not going to cover that right now. For the purpose of this blog post, we’re going to use Groups to segment a single List based on what people are interested in which helps to keep everything easy to manage to avoid duplication.
To create a Group in MailChimp you navigate to your List, then click on Manage Subscribers then Groups which will allow you to enter in specific information about how you want to group people together.
The reason you want to create a new Group is so that you can allow your audience to subscribe to multiple different groups from the same Newsletter. This allows you to send emails to specific groups of people within your mailing list. Simply configure the relevant settings for yourself as this information will display when a user is updating their subscription preferences;
Ok, so now you’ve created a group, let’s start to join everything together. In the first instance you can even migrate people into specific groups should you wish.
Here is how the data you enter in this section will display when the user is managing their profile on your newsletter.
MailChimp RSS Campaigns
Create a Campaign
Firstly, create a new campaign in MailChimp but be sure to select an RSS Campaign as the campaign type as this comes with a few handy settings that have been automatically built in for you.
Confirm your RSS Feed Settings
Enter in all of the settings related to when you want to be sending your campaigns and where the data is coming from. In this example, we’re looking to send out content from the Developer Blog so we enter in this information here.
Select Your Recipients
Next you need to select who you are sending the emails to. Here you are going to want to send emails to a Group of users you have just created earlier. This could be for a specific set of content on your website or even a specific interest if your website has multiple interests on there.
There are a lot of options here so we’re not going to cover everything. Use the options that are best suited for your individual needs.
Personalise your Campaign Information as Usual
If you are reading this blog post, you’ll already be used to creating your campaigns as normal and personalising the relevant information so we’ll skip over this bit here. Just make sure you do this when you are creating the campaign.
Choose an RSS Template
Simplicity is key here which is why you should choose one of the default RSS templates which you can select. This will automatically include lots of handy information for you which will speed up your development for sending RSS campaigns.
Design your Email Template as Usual
Again, we’re not going to cover this part here. All of the pre-populated fields have been created for you when using an RSS template, so you’re all good to go. Simply personalise the look and feel of your campaign as you see fit.
Preview & Test
The next step is to preview and test your campaign. This is so important to do as you can really annoy people when you mess up a campaign and send it out with missing information and or incorrect information.
Start RSS Campaign
Then you’re good to go, start your RSS campaign running and you will never have to worry about manually sending email marketing campaigns again.
This really is just the starting point about what you can do when you start to automate your email marketing campaigns. Take the time to think through what you are doing, why you are doing is and what you are looking to get out of it. Automation can save you so much time when you think strategically about what you are doing.