
Bardissi Enterprises Blog

Bardissi Enterprises has been serving the Hatfield area since 2000, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Caution: New Bash Bug Vulnerability Might Leave You with Shellshock

For users of Unix-based operating systems, there's a new threat on the loose. The vulnerability, quickly dubbed the Bash bug, or "Shellshock," affects systems running Linux and Mac OS X. The bug allows remote users to execute arbitrary code within the operating system.

The Bash shell, commonly called the "Bourne again shell," has been a consistent feature of Unix-based operating systems for over 20 years. The official security blog at Red Hat explains how the bug in the Bash shell is taken advantage of:

In Linux, environment variables provide a way to influence the behavior of software on the system. They typically consist of a name which has a value assigned to it. The same is true of the Bash shell. It is common for a lot of programs to run bash shell in the background. It is often used to provide a shell to a remote user (via ssh, telnet, for example), provide a parser for CGI scripts (Apache, etc) or even provide limited command execution support (git, etc).

Complications occur when the contents of an environment variable have been tampered with before the Bash shell is invoked. Arbitrary code can be hidden in that variable and passed along by software that looks legitimate, and Bash then runs it. The most concerning way of exploiting this bug is for remote users to execute malicious code on the system. Because so much software relies on the Bash shell, the potential damage this bug can cause is devastating.
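One way to look for this in the CGI case the Red Hat passage mentions, as an added example that is not from the original post or from Red Hat: a CGI server hands request headers to Bash as environment variables, so the script below flags access-log lines in which a quoted field starts with the `() {` that opens a Bash function definition. The function names and log lines are constructed for illustration, and it assumes Apache's combined log format.

```sh
#!/bin/sh
# Added example: triage web access logs for Shellshock-style probes.
# Assumes Apache "combined" log format, where the Referer and User-Agent
# headers are the last two quoted fields on each line.

# Constructed sample log. Addresses come from documentation ranges and the
# trailing command is a harmless placeholder.
sample_log() {
cat <<'EOF'
192.0.2.10 - - [25/Sep/2014:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.7 - - [25/Sep/2014:10:01:09 +0000] "GET /cgi-bin/status HTTP/1.1" 200 87 "-" "() { :; }; echo constructed-probe"
192.0.2.44 - - [25/Sep/2014:10:02:30 +0000] "GET /js/app.js?cb=function(){} HTTP/1.1" 200 9001 "-" "curl/7.38.0"
203.0.113.5 - - [25/Sep/2014:10:03:11 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 500 0 "() {:;}; echo constructed-probe" "-"
198.51.100.7 - - [25/Sep/2014:10:04:40 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "() { :; }; echo constructed-probe"
EOF
}

# Print log lines in which a quoted field starts with "() {". That is how a
# Bash function definition begins, which legitimate Referer or User-Agent
# values do not normally do. "function(){}" inside a URL is not matched.
find_shellshock_probes() {
    grep -E '"[[:space:]]*\(\)[[:space:]]*\{' "$@"
}

# For each hit print: client, path, status, and whether the path looks like a
# CGI script (the case where request headers become environment variables).
triage_probes() {
    find_shellshock_probes "$@" | awk '{
        path = $7; status = $9
        kind = (path ~ /^\/cgi-bin\// || path ~ /\.(cgi|sh|pl)([?]|$)/) ? "cgi" : "non-cgi"
        print $1, path, status, kind
    }'
}

# Run against the constructed sample; pass a real log file name instead.
sample_log | triage_probes
```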

Ever since the bug was revealed, hackers have been flocking to take advantage of it. There have already been several attacks utilizing the vulnerability, including denial of service attacks and botnets. Researcher Robert Graham has already detected 3,000 systems vulnerable to the bug, and estimates that the actual number of operating systems which could be attacked is several times greater. In a Twitter post, Graham says, "I think I was wrong saying that Shellshock was as big as Heartbleed. It's bigger."

Top security researchers are concerned, and you should be too, especially if you use Linux or Mac OS X on your business's networks and servers. Even if you don't, Bash script is used on a lot of mobile software, putting most Internet of Things technology at risk of compromise. In fact, the threat is so huge that the United States Computer Emergency Readiness Team (US-CERT) has issued an alert to the masses: download the patch before the Bash bug infects your systems. The last time the US-CERT issued an "alert" on their official security website was for the Backoff Point-of-Sale malware, which targeted sales terminals and stole credit card numbers from plenty of individuals across the globe.

Patches are coming in slow and steady, but they aren't enough to keep up with the bug. While patches have been issued, they are not complete. However, Red Hat still suggests that you use the partial patch until the complete one has been released. Bardissi Enterprises can help your business take advantage of the patch, and we can offer you assistance with protecting your business's network from the attack. Just call us at (215) 853-2266.

 
