Shellshock Bash Bug - Why you should care

Last week, possibly one of the most dangerous and widespread vulnerabilities in servers that power over 50% of the internet was discovered.

This vulnerability is in the Bash shell, which runs on Linux servers. For those unfamiliar with this shell you can find out more here.

The bug in this shell potentially allows remote attackers to execute arbitrary code on a server by sending it crafted requests.

Why you should care about this issue

It's quite likely your website is hosted and running on a Linux server. Therefore it is important to check with your hosting provider that they have patched this issue to ensure your website is secure.

The second, and less well-known, issue is that Bash can exist in many Internet-connected devices, including:

  • Your Mac running OS X
  • Your router
  • Webcams and other Internet-connected devices

So what can I do?

You can run a simple test on your Mac to see if you are at risk and then apply a patch to fix it.
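One way to run such a test from a terminal, as an added example that is not from the original post: it starts each installed Bash with an environment variable shaped like an exported function definition plus a trailing command, and reports whether that trailing command ran. The marker string, function names and the list of install paths are assumptions made for this example.

```shell
#!/bin/sh
# Local self-check: does this machine's bash run a command that trails a
# function definition passed in through an environment variable?
MARKER="SHELLSHOCK_CHECK_MARKER"   # constructed marker, harmless echo only

# Turn the probe's captured output into a verdict.
classify_output() {
    case "$1" in
        *"$MARKER"*) echo "vulnerable" ;;    # trailing command was executed
        *finished*)  echo "patched" ;;       # only the intended command ran
        *)           echo "inconclusive" ;;  # bash did not run as expected
    esac
}

# Probe a single bash binary given by path.
probe_bash() {
    bash_bin="$1"
    [ -x "$bash_bin" ] || { echo "missing"; return 0; }
    # An affected bash imports "probe" as a function at startup and runs the
    # echo after it; a fixed bash treats the value as plain text.
    out=$(env probe="() { :;}; echo $MARKER" \
          "$bash_bin" -c 'echo finished' 2>/dev/null) || true
    classify_output "$out"
}

# Check the usual install locations (assumed list; add your own paths).
check_all() {
    for b in /bin/bash /usr/bin/bash /usr/local/bin/bash /opt/homebrew/bin/bash; do
        if [ -x "$b" ]; then
            printf '%-12s %s (%s)\n' "$(probe_bash "$b")" "$b" \
                "$("$b" --version | head -n 1)"
        fi
    done
    return 0
}

check_all
```

A "patched" verdict only covers the behaviour this probe exercises, so vendor updates should still be installed when they are offered.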

Also keep an eye out for firmware and security updates from your hardware suppliers or ISP. Please be cautious of any emails you receive that request information or instruct you to run attachments (or do anything else that sounds very strange, like putting your iPhone in the microwave).

In comparison, this bug is far worse than the Heartbleed bug found in OpenSSL earlier this year, and it potentially leaves millions of websites exposed, as well as other devices.
