Tomorrow marks the much talked-about release of the patch for the Samba bug branded Badlock. While we don’t know a whole lot about the vulnerability, its discoverers assure us the patch is worth staying up for. From what we do know, Badlock is a "crucial security bug" in Windows' Server Message Block (or SMB) protocol, as well as the open-source Samba implementation of that protocol.
A critical bug in SMB or Samba is a big deal, since both are themselves a big deal. SMB underpins Microsoft's Active Directory and other widely used network services, while Samba is a popular piece of open source software that simplifies the use of Active Directory credentials across mixed Windows and Linux domains. Samba is particularly common for file shares and print servers.
Like it or not, branding is a big deal in the data security business these days. The last few years saw the rise of vulnerabilities with names that seem a better fit for supervillains—Heartbleed and Shellshock being the biggest. Now Badlock joins the Legion of Security Doom, with its dramatic broken-lock branding and its own website.
The creators of these marketing campaigns claim they want to use them to spread the news about serious bugs. However, these branded flaws are being publicized by security firms that want visibility themselves, which may tempt them to exaggerate the threat in order to get name recognition. Another potential downside of bug-branding is that serious bugs discovered by groups that aren't interested in promoting their finds could be lost in the noise. We'll see just how big a deal Badlock is when more details of it become available tomorrow.