Warnings / Alerts 2016 & Before

September 26, 2014

A vulnerability (or 'bug') discovered on September 12, 2014 was publicly disclosed on September 24, 2014. That bug is called 'Shellshock' (and sometimes 'Bashdoor').

It is a bug in the Unix Bash shell (or 'Bourne Shell'), which is, roughly speaking, the command line on a computer.

First Bug

The first bug causes Bash to unintentionally execute commands when those commands are concatenated to the end of function definitions stored in the values of environment variables. Within days of its publication, intense scrutiny of the underlying design flaws uncovered a variety of related vulnerabilities, which were addressed with a series of further patches.

Attackers exploited Shellshock within hours of the initial disclosure by creating botnets of compromised computers to perform distributed denial-of-service attacks and vulnerability scanning. Security companies recorded millions of attacks and probes related to the bug in the days following the disclosure.
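The two paragraphs above describe the mechanism (a function definition in an environment variable followed by extra commands) and the wave of probes that followed. The detector below is an added example, not code from the City or from any vendor mentioned on this page: it looks for that "() { ... }; more-commands" shape in constructed web-server log lines, the place where a probe against a CGI script would leave a trace, and reports only the part after the function body. The sample log lines and the benign `echo probe` payload are constructed for illustration.

```python
import re

# A Shellshock-style value starts with a Bash function definition "() { ... }".
# A legitimate exported function ends at the closing brace; a value that carries
# a ";" and further text after the brace is the suspicious shape.
SHELLSHOCK_RE = re.compile(r"\(\)\s*\{[^}]*\}\s*;\s*(\S.*)")


def trailing_command(value):
    """Return the text that follows the function body if `value` looks like a
    function definition with commands concatenated after it, otherwise None."""
    m = SHELLSHOCK_RE.search(value)
    if m is None:
        return None
    # Drop the quote that closes a log field and surrounding whitespace.
    return m.group(1).strip('" ')


def find_suspicious_env(environ):
    """Scan a mapping of environment variables (e.g. os.environ or the CGI
    environment a web server builds from request headers) and return the names
    whose values carry trailing commands."""
    return sorted(name for name, value in environ.items()
                  if trailing_command(value) is not None)


def scan_log_lines(lines):
    """Scan access-log lines and return (line number, trailing command) pairs
    for every line whose request headers carry a trailing-command payload."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        cmd = trailing_command(line)
        if cmd is not None:
            findings.append((lineno, cmd))
    return findings


# Constructed sample lines in Apache combined-log style; not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [25/Sep/2014:10:01:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [25/Sep/2014:10:01:07 +0000] "GET /cgi-bin/status HTTP/1.1" 200 12 "-" "() { :; }; echo probe"',
    '203.0.113.5 - - [25/Sep/2014:10:02:00 +0000] "GET /about HTTP/1.1" 200 900 "-" "curl/7.30"',
]

# Constructed CGI-style environment: one exported function that is well formed,
# one header value that carries commands after the function body.
SAMPLE_ENV = {
    "PATH": "/usr/bin:/bin",
    "BASH_FUNC_greet%%": "() { echo hi; }",
    "HTTP_USER_AGENT": "() { :; }; echo probe",
}

if __name__ == "__main__":
    for lineno, cmd in scan_log_lines(SAMPLE_LOG):
        print(f"line {lineno}: trailing command after function body: {cmd!r}")
    print("suspicious variables:", find_suspicious_env(SAMPLE_ENV))
```

The regular expression deliberately ignores a well-formed exported function such as `() { echo hi; }`, so hosts that legitimately export Bash functions do not produce false positives; only text after the closing brace is reported.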

Vulnerability

Shellshock could potentially compromise millions of unpatched servers and other systems. Accordingly, it has been compared to the Heartbleed bug in its severity.

Only Unix (and Linux) servers that run the vulnerable version of Bash, and that have direct connections to the internet, may have been compromised. The City of Canton did find one server that was vulnerable; it was patched as the patches became available. None of the City's servers were compromised.

April 15, 2014

Last week news was disclosed about a Secure Sockets Layer (SSL) vulnerability in the OpenSSL library* that is used by some Apache web servers; the vulnerability has been dubbed 'Heartbleed'.

This vulnerability is found in OpenSSL versions 1.0.1 through 1.0.1f, and 1.0.2 beta. Any server running any of those versions should be immediately upgraded to OpenSSL version 1.0.1g or 1.0.2 beta 2, and obtain a new SSL certificate. We have checked all of our servers that use SSL, and have found that none of our servers have ever been affected by this bug. We are confident that our servers and all users of our sites were not exploited by the Heartbleed vulnerability.
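Checking a server inventory against the version range named above is the practical part of the advisory. The script below is an added example, not the City's own tooling: it parses OpenSSL version strings (either a bare version such as `1.0.1f` or the first line of `openssl version`), applies exactly the range stated in this notice (1.0.1 through 1.0.1f and 1.0.2 beta 1 affected; 1.0.1g and 1.0.2 beta 2 fixed), and lists the hosts that still need an upgrade. The host names and versions in the inventory are constructed for illustration.

```python
import re

# Matches "1.0.1f", "1.0.1", "1.0.2-beta1" (OpenSSL's own form for its betas).
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z]*)(?:-beta(\d+))?")


def parse_version(text):
    """Return (major, minor, fix, letter, beta) from a version string or from
    the output of `openssl version`, e.g. "OpenSSL 1.0.1e 11 Feb 2013"."""
    text = text.strip()
    if text.startswith("OpenSSL "):
        text = text.split()[1]
    m = VERSION_RE.match(text)
    if m is None:
        raise ValueError(f"unrecognised OpenSSL version: {text!r}")
    major, minor, fix = (int(m.group(i)) for i in (1, 2, 3))
    letter = m.group(4)
    beta = int(m.group(5)) if m.group(5) else None
    return major, minor, fix, letter, beta


def is_heartbleed_affected(version):
    """True when the version falls in the affected range from the advisory:
    1.0.1 up to and including 1.0.1f, and 1.0.2-beta1."""
    major, minor, fix, letter, beta = parse_version(version)
    if (major, minor, fix) == (1, 0, 1):
        # "" (plain 1.0.1) through "f" are affected; "g" and later are fixed.
        return letter <= "f"
    if (major, minor, fix) == (1, 0, 2):
        return beta == 1
    return False


def hosts_to_patch(inventory):
    """Given {host: version string}, return the sorted hosts that are affected."""
    return sorted(host for host, ver in inventory.items()
                  if is_heartbleed_affected(ver))


# Constructed inventory; host names and versions are illustrative only.
SAMPLE_INVENTORY = {
    "www-1.example.gov": "OpenSSL 1.0.1e 11 Feb 2013",
    "www-2.example.gov": "OpenSSL 1.0.1g 7 Apr 2014",
    "portal.example.gov": "1.0.2-beta1",
    "legacy.example.gov": "0.9.8y",
}

if __name__ == "__main__":
    for host in hosts_to_patch(SAMPLE_INVENTORY):
        print(f"{host}: affected, upgrade OpenSSL and reissue the certificate")
```

Because the affected range is defined by the advisory rather than by a generic "older is worse" rule, the check compares the exact release letter and beta number; 0.9.8 and 1.0.0 branches fall outside the range and are reported as unaffected by this particular bug.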

Nontechnical Definitions

Secure Sockets Layer (SSL) - a communication protocol computers use to take information, encrypt it, transport it across a network or the internet, and decrypt it on another computer.
library - a software library contains software that is not used by users directly, but by other programs.

Note

Our "Nontechnical Definitions" are only meant to give nontechnical people a hint of what a word or phrase means in the context it was used in; they are not official definitions.

August 12, 2013

It has come to our attention that somebody is sending an e-mail claiming to be from the City of Canton with an e-mail address of 'contactus@cantonohio.gov' and asking for some personal information. Do not respond to it; it is not from the City of Canton.

Here is the text of that fake email:

HELLO,
WE WERE DIRECTED TO FORWARD THIS MESSAGE TO YOU. TAKE THIS VERY SERIOUSLY AND KEEP THE DETAILS CONFIDENTIAL:
WE HAVE IN OUR CUSTODY FUND LEFT BEHIND TO YOUR FAMILY BY A LATE RELATIVE. GET BACK TO US IMMEDIATELY FOR COMPLETE INFO. PLEASE PROVIDE THE FOLLOWING DETAILS NOW FOR VERIFICATION SO THAT WE CAN FORWARD FURTHER DETAILS.
(1)FIRST NAME:.........(2)LAST NAME:.........(3)POSTAL ADDRESS:........ (4)DIRECT MOBILE NUMBER:......THANKS.

Update

This e-mail has a spoofed "from" e-mail address (noted above) which was never a real e-mail address for us or the attacker, and it has a different "reply to" e-mail address which usually stays hidden until the recipient clicks the 'Reply' button. This is a fairly simple thing to accomplish: it can be done within most e-mail clients (e.g. Outlook, Thunderbird) and it can also be accomplished programmatically.

The "reply to" e-mail address in this scenario is a 'disposable' e-mail address that is set up by the attacker, and it will usually bounce your reply through several other e-mail addresses (most often in different countries, to make it more difficult to track down the real person or persons). The 'disposable' e-mail address is usually abandoned after a few days.
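The two paragraphs above explain the trick: the visible "From" is the spoofed City address, while the hidden "Reply-To" points somewhere else. The check below is an added example, not part of the City's notice or its mail system: it parses a raw message with Python's standard `email` module and reports when the Reply-To domain differs from the From domain, which is what a recipient would only otherwise discover on pressing Reply. The raw message is constructed for illustration; the spoofed From address is the one quoted in this notice, and `example.net` stands in for the attacker's disposable address, which the page does not give.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed message modelled on the notice: spoofed From, hidden Reply-To.
RAW_MESSAGE = """\
From: City of Canton <contactus@cantonohio.gov>
Reply-To: claims.desk@example.net
To: resident@example.org
Subject: URGENT - CONFIDENTIAL
Date: Mon, 12 Aug 2013 09:00:00 -0400

WE HAVE IN OUR CUSTODY FUND LEFT BEHIND TO YOUR FAMILY BY A LATE RELATIVE.
"""


def domain_of(header_value):
    """Extract the lower-cased domain from a header such as
    'Name <user@host>' or a bare address; '' when there is none."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def reply_to_mismatch(raw):
    """Return (from_domain, reply_to_domain) when a Reply-To header would send
    replies to a different domain than the one shown in From; None otherwise
    (including when there is no Reply-To at all, since replies then go to From)."""
    msg = message_from_string(raw)
    from_domain = domain_of(msg.get("From"))
    reply_domain = domain_of(msg.get("Reply-To"))
    if not reply_domain or reply_domain == from_domain:
        return None
    return from_domain, reply_domain


if __name__ == "__main__":
    result = reply_to_mismatch(RAW_MESSAGE)
    if result:
        shown, hidden = result
        print(f"From shows {shown} but replies would go to {hidden}: treat as suspect")
    else:
        print("From and Reply-To agree")
```

A mismatch is a signal to forward the message for review rather than proof of fraud on its own, since some legitimate mailing systems also set a Reply-To; the value of the check is that it surfaces the hidden address before anyone replies.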

Compromised Servers

The City of Canton network and servers have not been compromised, and it does not appear that the fraudulent e-mail was 'bounced' through the City's e-mail servers.

If you or anyone you know has received an unexpected and suspicious e-mail that claims to be from the City of Canton, please forward it to our Web Master e-mail address. Once we receive it we can determine whether it is valid or fraudulent.