NINESTAR BLOG

A message from our Chief Technology Officer

Ross Ferson

Dear NineStar Member/Customer:

I wanted to take a moment to give you some information about how NineStar is affected by the latest security exploit making its way around the internet.  For those of you who have not heard, there is a particularly nasty flaw in widely used software that will allow a bad actor to remotely execute commands.  

Let me stop right here and say there will be a TL;DR (too long; didn’t read) at the end for those of you who just want the summary.  I know I can drone on about nerdy stuff.

Back to it now:  This vulnerability in a piece of software called ‘Log4J’ can allow a bad actor to send remote commands and allow the takeover of the target machine.  Apple, Google, and the U.S. Government are just some of the entities affected by the issue.  In fact, the U.S. Government has recently taken machines offline until they can confirm if they are affected by the vulnerability.  The issue at hand is that the vulnerability allows for a bad actor to issue some commands and the affected machine will run them without checking for proper authorization.  To make matters worse, this takes zero skill to initiate and there are already tools created to make it even easier to exploit.  Now that I have told you how bad it is, you are likely wondering, “How does this affect NineStar?”.  Keeping in mind that this is early in the discovery process but here is where we are so far:

We have reached out to the software vendors we use to confirm their vulnerability to this attack.  These vendors fall into the below categories:

A: Not affected by vulnerability.  This the best possible category.  Nothing to see here!  Move on! 

B: Affected but patch available or workaround in place.  In these cases, we have either implemented the patch or used the workaround in place.  

C: Vulnerable but no patch available.  In this instance, we have deployed countermeasures to make sure we operate as safely as possible.  This is NOT a long-term solution and if a patch or workaround is not available in a brief time frame, we may be forced to take machines off-line until a patch is available.  

D: Researching if vulnerable.  We are working with vendors to get answers as soon as possible.  Again, if we do not get proper answers in the immediate future, these machines may be taken offline or otherwise changed to eliminate the possibility of exploitation. 

Here are some other things to know:

A: NineStar has been aware and working on this issue since Friday (12/10/2021).  The vast majority of our public facing infrastructure does not have this software installed and is therefore unaffected.  

B: Our monitoring tools have been updated to specifically look for traffic associated with this vulnerability and thus far, has not seen any actively suggesting we are actively being targeted. 

C: Our EDR (Endpoint Detection and Response) software has been updated with the latest info and is actively scanning for entities trying to exploit this vulnerability.   

D: Most importantly, we show no signs of being negatively impacted currently.  

I want to stress that this situation is very fluid and new information is coming out almost hourly.  If our situation changes and we need to make service impacting moves, we will, of course, inform you.  At this time, it is believed that any changes that would be made would not affect your services with us, but only availability of information on our website.  

TL;DR:  Bad people found a way to do bad stuff on the internet.  We know about it and are taking appropriate measures.  This is not the first time and will not be the last time.  

For what it is worth, this is being called the worst internet vulnerability in the history of the internet with 100’s of millions of devices affected.  Around here, we call it Monday!  

If you got this far, I applaud you.  I felt it was important to make sure you knew what we knew and that we are on top of it.  We appreciate you being our customer and as I always say, without you, there is not an us.  

Thank you and if you have any questions, feel free to ask!  317.326.4357 or support@myninestar.net or post in comments below.  I’ve seen your comments on other posts, I know you guys aren’t shy!

Ross Ferson

Chief Technology Officer

NineStar Connect