IT Community Shaken By Shellshock Vulnerabilities
October 29, 2014
In the wake of Heartbleed comes a new form of exposure that could potentially do much more damage than any other vulnerability of its kind.
It is known as Shellshock. Shellshock affects Linux and UNIX implementations that use the BASH command interpreter.
The fix for the issue is simple: upgrade your version of BASH to one that is not vulnerable. The problem lies in the sheer number of servers, workstations, and devices that have this issue.
For years, due to stability, inherent security, and cost factors, Linux (and its variants) has been the most widely deployed Internet and backbone system in the world. In other words, the servers and purpose-built appliances that run the websites and route traffic on the Internet potentially have this vulnerability. Shellshock simply tricks the BASH command interpreter into executing unauthorized commands when it encounters what it believes is a variable.
The patches to fix this are readily available, but the number of systems involved in this upgrade is mind-boggling. Across the world, it is estimated that millions of servers and other equipment must be patched, and that is only referring to the core systems that manage and control the Internet.
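To confirm that an upgrade actually took effect, the following added example (not part of the original article) audits local shell binaries with a harmless probe that only echoes a fixed marker string. The function names, the marker string and any paths you pass in are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit local bash binaries for Shellshock-style behaviour.
# The probe only echoes a fixed marker; nothing else is executed.

MARKER="SHELLSHOCK_PROBE_EXECUTED"   # constructed marker string

# check_shell BIN -> prints "vulnerable", "patched" or "missing"
check_shell() {
    bin=$1
    if [ ! -x "$bin" ]; then
        echo "missing"
        return 2
    fi
    # A vulnerable bash treats the variable's value as a function
    # definition and runs the text after the closing brace at startup.
    out=$(env "probe=() { :; }; echo $MARKER" "$bin" -c ':' 2>/dev/null)
    case $out in
        *"$MARKER"*) echo "vulnerable"; return 1 ;;
        *)           echo "patched";    return 0 ;;
    esac
}

# audit_shells BIN... -> one "path: verdict" line per binary;
# exit status is 1 if any binary is vulnerable, 0 otherwise.
audit_shells() {
    rc=0
    for b in "$@"; do
        verdict=$(check_shell "$b") || true
        echo "$b: $verdict"
        if [ "$verdict" = "vulnerable" ]; then
            rc=1
        fi
    done
    return $rc
}

# When run with arguments, audit the given paths,
# e.g.: sh audit.sh /bin/bash /usr/local/bin/bash
if [ "$#" -gt 0 ]; then
    audit_shells "$@"
fi
```

A "patched" verdict only covers the behaviour described above, so the vendor's current BASH package should still be installed on every host that is checked.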
Who Else Is At Risk?
On top of these systems come the workstations and purpose-built appliances that are based on Linux.
Many home automation controls use a version of Linux, as do household electronics such as cable boxes and DVD players. Every one of them could be affected by Shellshock, meaning a hacker could cause anything from disruption in services to potentially infiltrating your home network and stealing personal information.
As if the previous two scenarios were not enough, many Apple products that run iOS have this vulnerability as well. Therefore, iPhones and iPads are not exempt from the issue either. Usually, you can depend on the security of these devices, but this time, it is the underlying operating system that is at risk.
Luckily, a security update or patch is all that is needed to properly protect against this issue. But the real question on people’s minds is whether or not we will find any other rampant security flaw in Linux or UNIX.
How To Protect Yourself
Here at Netsurion, our customers can rest assured that our security devices are not susceptible to Shellshock, while other firewalls are. It is, therefore, critical to look to your vendor, if you do not use Netsurion, to ensure that your systems have been updated properly.
Like Heartbleed, Shellshock reminds us that security is an ongoing process. Updates and patches are part of any good security program, and the longer you allow yourself to fall behind in the update process, the more you could be leaving your systems exposed to serious security threats.