IT Community Shaken By Shellshock Vulnerabilities

In the wake of Heartbleed comes a new form of exposure that could potentially do much more damage than any other vulnerability of its kind.

SHELLSHOCKED

It is known as Shellshock. Shellshock affects Linux and UNIX implementations that use the BASH command interpreter.

The fix for the issue is simple. Upgrade your version of BASH to one that is not vulnerable. The problem lies in the sheer number of servers, workstations, and devices that have this issue.

For years, due to stability, inherent security, and cost factors, Linux (and its variants) has been the most widely deployed Internet and backbone system in the world. In other words, the servers and purpose-built appliances that run the websites and route traffic on the Internet potentially have this vulnerability. Shellshock simply tricks the BASH command interpreter into executing unauthorized commands when it processes what it believes is a variable.

The patches to fix this are readily available, but the number of systems involved in this upgrade is mind-boggling. Across the world, it is estimated that millions of servers and other equipment must be patched, and that is only referring to the core systems that manage and control the Internet.
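To find out which of your own systems still need the upgrade, a local check like the following can be run on each host. It is an added example, not code from the original article: the function names, marker string and candidate paths are assumptions, and it tests only the variable-handling behaviour described above, so the vendor's patched package version remains the authoritative check.

```shell
#!/bin/sh
# Added example: local audit of bash binaries for the behaviour described above.
# Function names, the marker string and the candidate paths are assumptions.

MARKER=SHELLSHOCK_PROBE_MARKER

# shellshock_probe PATH
#   0 = bash ran the text that trails the function body (vulnerable)
#   1 = bash treated the value as plain data (not vulnerable to this probe)
#   2 = PATH is not an executable file
shellshock_probe() {
    probe_bin=$1
    [ -x "$probe_bin" ] || return 2
    # A vulnerable bash imports "x" as a function at start-up and keeps
    # parsing past the closing brace, so the harmless echo runs.
    probe_out=$(env x="() { :;}; echo $MARKER" "$probe_bin" -c ':' 2>/dev/null)
    case $probe_out in
        *"$MARKER"*) return 0 ;;
        *)           return 1 ;;
    esac
}

# audit_bash PATH...
#   Prints one line per binary found; returns 1 if any is vulnerable.
audit_bash() {
    audit_bad=0
    for audit_bin in "$@"; do
        audit_rc=0
        shellshock_probe "$audit_bin" || audit_rc=$?
        case $audit_rc in
            0) echo "VULNERABLE  $audit_bin"; audit_bad=1 ;;
            1) echo "ok          $audit_bin" ;;
            *) : ;;   # not installed at this path, skip
        esac
    done
    return "$audit_bad"
}

# Common install locations plus whatever is first on PATH.
audit_bash /bin/bash /usr/bin/bash /usr/local/bin/bash "$(command -v bash)" ||
    echo "Upgrade bash from your vendor's repository, then re-run this check."
```

Run it again after patching: every listed binary should report `ok`, including copies outside the package manager's control such as `/usr/local/bin/bash`.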

Who Else Is At Risk?

On top of these systems come the workstations and purpose-built appliances that are based on Linux.

Many home automation controls use a version of Linux, as do household electronics such as cable boxes and DVD players. Every one of them could be affected by Shellshock, meaning a hacker could cause anything from disruption in services to potentially infiltrating your home network and stealing personal information.

As if the previous two scenarios were not enough, many Apple products that run iOS have this vulnerability as well. Therefore, iPhones and iPads are not exempt from the issue either. Usually, you can depend on the security of these devices, but this time, it is the underlying operating system that is at risk.

Luckily, a security update or patch is all that is needed to properly protect against this issue. But the real question on people's minds is whether or not we will find any other rampant security flaw in Linux or UNIX.

How To Protect Yourself

Here at Netsurion, our customers can rest assured that our security devices are not susceptible to Shellshock, while other firewalls are. It is, therefore, critical to look to your vendor, if you do not use Netsurion, to ensure that your systems have been updated properly.

Like Heartbleed, Shellshock reminds us that security is an ongoing process. Updates and patches are part of any good security program, and the longer you allow yourself to fall behind in the update process, the more you could be leaving your systems exposed to serious security threats.
