Forget Heartbleed. BASH Exploit Is Likely To Be Bigger And Scarier [UPDATE]
Red Hat researchers have uncovered a new exploit in the common BASH command shell found in UNIX, OS X and LINUX which can be used to deploy malicious code with minimal effort. Here’s why you should care about this. The BASH shell is used everywhere: in routers, NAS appliances, smart home appliances, and servers that are exposed to the Internet such as web servers, just to name a few things. Thus a huge number of devices could be affected by this. That could make this exploit bigger than Heartbleed. To add to this, the exploit has been around for a long time. Thus it could already be used by evildoers on the Internet to do who knows what. Finally, because of the age of this exploit, it is unlikely that older devices and systems that are affected by this will get patched, despite the fact that there is a fix for it. That means that until they are taken out of service, they are attack vectors for the evildoers of the Internet.
Scary indeed.
I would watch this story, as over the coming days and weeks this is going to get big. Really, really big.
UPDATE: The exploit has been dubbed “Shellshock” and to help you rather than just sow panic and fear, I’m going to post a bunch of suggested actions to take via MacStrategy to protect yourself. This isn’t simply Mac focused. It covers every single platform affected by this. I’ve also got this online tool that will scan a domain to see if it can be exploited via Shellshock. If you’re a network admin, you need to take action, as attacks using Shellshock are already being reported.
This entry was posted on September 25, 2014 at 10:50 am and is filed under Commentary with tags Security.