Computerware Blog

Computerware has been serving the Vienna area since 1976, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Caution: New Bash Bug Vulnerability Might Leave You with Shellshock

For users of Unix-based operating systems, there's a new threat on the loose. The vulnerability, promptly called the Bash bug, or "shellshock," is targeting systems equipped with Linux and Mac OS X. The bug allows remote users to execute arbitrary code within the operating system.

The Bash shell, commonly called the "Bourne again shell," has been a consistent feature of Unix-based operating systems for over 20 years. The official security blog at Red Hat explains how the bug in the Bash shell is taken advantage of:

In Linux, environment variables provide a way to influence the behavior of software on the system. They typically consist of a name which has a value assigned to it. The same is true of the Bash shell. It is common for a lot of programs to run bash shell in the background. It is often used to provide a shell to a remote user (via ssh, telnet, for example), provide a parser for CGI scripts (Apache, etc) or even provide limited command execution support (git, etc).

Complications occur if the contents of an environment variable have been altered before the Bash shell is invoked. Arbitrary code can then be hidden inside what looks like a legitimate variable, and Bash will act on it, changing how the software that called the shell behaves. The most concerning consequence is that remote users can execute malicious code on the system. Because so much software invokes the Bash shell, the potential damage this bug can cause is devastating.

Ever since the bug was revealed, hackers have been flocking to take advantage of it. There have already been several attacks utilizing the vulnerability, including denial of service attacks and botnets. Researcher Robert Graham has already detected 3,000 systems vulnerable to the bug, and estimates that the actual number of operating systems which could be attacked is several times greater. In a Twitter post, Graham says, "I think I was wrong saying that Shellshock was as big as Heartbleed. It's bigger."

Top security researchers are concerned, and you should be too, especially if you use Linux or Mac OS X on your business's networks and servers. Even if you don't, Bash scripts are used in a lot of mobile software, putting most Internet of Things technology at risk of compromise. In fact, the threat is so huge that the United States Computer Emergency Readiness Team (US-CERT) has issued an alert to the masses: download the patch before the Bash bug infects your systems. The last time the US-CERT issued an "alert" on their official security website was for the Backoff Point-of-Sale malware, which targeted sales terminals and stole credit card numbers from plenty of individuals across the globe.

Patches are coming in slow and steady, but they aren't enough to keep up with the bug. While patches have been issued, they are not complete. However, Red Hat still suggests that you use the partial patch until the complete one has been released. Computerware can help your business take advantage of the patch, and we can offer you assistance with protecting your business's network from the attack. Just call us at (703) 821-8200.
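
A local check an administrator can run on their own machines after patching, added here as an example that is not part of the original post or of Red Hat's advisory: it starts each Bash binary with a crafted environment variable and reports whether the shell acted on it. The function names, the marker string, the variable name and the list of paths are assumptions of this example, and a "not-vulnerable" result covers only this one check, not the completeness of later patches.

```shell
#!/bin/sh
# Added example: self-check for the Bash environment-variable bug.
# Run it only against shells on hosts you administer.
# MARKER, cw_probe and the function names are constructed for this example.

MARKER="SHELLSHOCK_CHECK_MARKER"

# check_bash PATH -> prints "missing", "vulnerable" or "not-vulnerable"
check_bash() {
    shell_path=$1
    if [ ! -x "$shell_path" ]; then
        echo "missing"
        return 0
    fi
    # Place a function-style value followed by a trailing command in an
    # environment variable, then start the shell with a no-op command.
    # A fixed Bash ignores the trailing command at start-up; an unfixed
    # one runs it and prints the marker.
    out=$(env "cw_probe=() { :;}; echo $MARKER" "$shell_path" -c ':' 2>/dev/null)
    case $out in
        *"$MARKER"*) echo "vulnerable" ;;
        *)           echo "not-vulnerable" ;;
    esac
}

# audit_shells PATH... -> prints one "path: result" line per path and
# returns 1 if any of them is vulnerable, 0 otherwise.
audit_shells() {
    rc=0
    for p in "$@"; do
        result=$(check_bash "$p")
        echo "$p: $result"
        if [ "$result" = "vulnerable" ]; then
            rc=1
        fi
    done
    return $rc
}

# Common install locations (assumed); add any other copies of Bash on the host.
audit_shells /bin/bash /usr/bin/bash /usr/local/bin/bash
```

Systems often carry more than one copy of Bash, so each path is tested separately; the non-zero return value makes the script usable from a configuration-management or monitoring job.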
