For weeks, computer security experts have warned about a new threat to the internet called the Badlock Bug that affects Windows computers.
The experts who issued the warning were consultants that work with a software tool called Samba. Samba is widely used software to help Windows work better with Linux and Unix systems. The Samba people were working with Microsoft to patch the Badlock Bug.
The experts, a German company named SerNet which discovered the Badlock bug, created a website and alerted everyone to be ready on April 12, the date when the patch would be finished and all the details about this scary and devastating new threat would be revealed.
They gave the bug a brand “Badlock,” created a logo, did a marketing campaign, building this up like another Heartbleed, the scary bug discovered in 2014 that affected most of the internet.
“Please update your systems. We are pretty sure that there will be exploits soon,” the Badlock website warns.
But, once the details of Badlock were revealed on Tuesday, it turned out to be a not-so-critical bug at all. It’s true the bug can allow an attacker to gain control of a Windows network, accessing a widely used Microsoft system for managing passwords called Active Directory. However, to use the bug, the attacker already has to have hacked inside a network.
It’s like a warning that thieves have a new way to steal your valuables with the first step being that they need to get the key to your house.
With the threat clearly in the hype category, the response from IT professionals and general security industry has been hilarious. Critics have renamed the bug “Sadlock” and a new Twitter meme has been born.
1. Compromise an enterprise network from the inside
2. Modify arbitrary AD traffic
3. Escalate privilege