One of the few non-controversial opinions in cybersecurity is that enabling any arbitrary user to get super-user privileges, without any caveats, is a bad thing. This is a good training-wheels policy that anyone can grok and perhaps use as the base for all other policies – Mandatory Access Controls, SELinux and AppArmor, Group Policy, AI/ML-based customized policies and what not.
Having a bug that bypasses such a foundational premise is arguably a bad thing. Said bug having existed since 2011 (for 9-ish years) is assuredly a worse thing. However, said security vulnerability carrying, and I quote, “Workaround:None.”, is perhaps even worse (and not quite true).
What I am describing is the latest in a long line of unstoppable cybersecurity vulnerabilities, whimsically named Baron Samedit (CVE-2021-3156). It’s kind of a big deal.
I’ll skip the typical buildup and get to the punchline upfront:
All Polyverse customers were impervious to this bug before either we (i.e. Polyverse), they (i.e. Customers) or anyone else (i.e. Security Researchers, patch creators, patch deployers, etc.) knew about the bug.
If you’re running Polymorphing on your systems you’re good. You’ve been good since August 2017, when the solution came into existence. If you would like to get on board, definitely reach out to us and we’re happy to help secure you preemptively against future zero-days.
With that out of the way, I can now talk about the gap between why the researchers at Qualys concluded the bug had no workaround and why Polyverse users were preemptively safe without needing one.
When we think of stopping cybersecurity vulnerabilities, traditional security thinking falls into three categories, each of which relies on trusting that systems can be made perfect:
What’s the root problem across all three? Your entire security posture relies on trusting a lot of things to be “perfect”: That the code you run has no vulnerabilities until a security scanner tells you suddenly that it does. That the scanners are oracles who know the Truth about vulnerabilities. That patching always works immediately and is perfect (it isn’t). The list goes on.
Polyverse’s Zero Trust model works by assuming all bugs always exist in all systems rather than looking for them. This seemingly minor difference between us and most traditional security methodologies has massive implications on the results.
When we founded Polyverse in April 2015, we began with this proposition:
“A buffer-overflow already exists. In grub, in the kernel, in the browsers, in the webservers, and in sudo, twice.”
We then set out to answer one question: what can we do today so that, on the day those bugs are eventually discovered, we can guarantee that any exploit written against them is either outright impossible or ridiculously difficult (‘difficult’ in the cryptographic sense)?
We solved exactly that with our Polymorphing solution.
In case you were wondering, we also protected our customers from BootHole before it was known, from the previous sudo bug, and from a whole host of others. You can get this Zero Trust protection too – with a single-line install and within minutes.
We won’t email you about possibly-an-anomaly, nor will we ever send you desperate rule/signature updates, nor will there be any clever agent/daemon doing anything on your machines. The only email you get from us is a retroactive email telling you that you were always okay.
The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a worldwide basis.
© 2020 Polyverse