Web Presence Management and Optimization for Local Companies

Shellshock Bash: The Recently Found Vulnerability That Can Potentially Put Your Data At Risk

30 Sep 2014


The News

On September 24th, 2014, a Bash vulnerability referred to as Shellshock or the “Bash Bug” was found. The so-called “deadly serious” bug has been affecting hundreds of millions of computers, servers and devices since its discovery. The number of affected users is growing at a fast pace, and the bug is believed to be even more serious than Heartbleed, discovered just a couple of months ago.

The Bash Bug flaw was found in a software component known as Bash, which has been the shell for the GNU operating system and is widely used as the default shell on Mac OS X and Linux. This means the flaw can be used to take control of almost any system using Bash.

The National Cyber Awareness System has given the vulnerability a severity rating of 10 out of 10, and experts expect Shellshock to affect at least 500 million machines worldwide. As with Heartbleed, the flaw has existed for years without anyone knowing, so it’s no surprise to learn that your system has been vulnerable for the last 20 years or so.

How The Bug Can Harm Your Data

As all Mac and Linux operating systems use Bash, these two types of computers are at risk.

If Bash is the default system shell on your server, hackers worldwide can use it to launch programs or enable features on your computer without needing any passwords. This lets them access your confidential information and files, run programs, delete data, etc., which can seriously affect your business and put your customers’ information at risk.

What You Need to Do

Depending on who your hosting or cloud server provider is, there are several steps you need to take to patch your system and fix this vulnerability. Of course, this requires technical knowledge: for example, you need to know how to access your web server via the SSH console. If you know how to do this and have the required logins, you can follow your hosting company’s instructions. Here are links to some of the main ones:

GoDaddy

https://support.godaddy.com/help/article/12120/patching-bash-on-your-server-shellshock-patch

DigitalOcean

https://www.digitalocean.com/community/tutorials/how-to-protect-your-server-against-the-shellshock-bash-vulnerability

If you have a shared hosting account, then you have nothing to worry about. Your hosting provider will take care of updating and patching its systems, but if you have a managed VPS (Virtual Private Server) or a Dedicated Server, you will need to take care of the patching.
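Once the patch is applied, you can confirm it from the same SSH session. The script below is an added example, not taken from this post or from either hosting provider; `BASH_BIN`, the function names and the marker string are assumptions. It also checks for the follow-up parsing flaw that the first round of patches left open, which goes beyond what this post covers.

```sh
#!/bin/sh
# Added example: post-patch check for the Bash flaw described above.
# BASH_BIN, the function names and the marker string are assumptions of this
# example, not part of any vendor tool.
BASH_BIN="${BASH_BIN:-$(command -v bash)}"

# 0 = bash ignores code trailing a function definition in an environment
# variable, 1 = bash ran it (unpatched), 2 = bash not found.
check_env_import() {
    [ -x "$BASH_BIN" ] || return 2
    # Harmless probe: an unpatched bash prints the marker while starting up.
    out=$(env probe='() { :;}; echo SHELLSHOCK_MARKER' \
        "$BASH_BIN" -c 'echo done' 2>/dev/null)
    case "$out" in
        *SHELLSHOCK_MARKER*) return 1 ;;
        *) return 0 ;;
    esac
}

# Same return codes, for the follow-up parser flaw left open by the first
# patch: an affected bash leaves a file named "echo" in the working directory.
check_incomplete_fix() {
    [ -x "$BASH_BIN" ] || return 2
    tmp=$(mktemp -d) || return 2
    ( cd "$tmp" && env X='() { (a)=>\' "$BASH_BIN" -c 'echo date' ) >/dev/null 2>&1
    if [ -e "$tmp/echo" ]; then found=1; else found=0; fi
    rm -rf "$tmp"
    return "$found"
}

# Run both checks and print one line per check plus the bash version banner.
report() {
    for check in check_env_import check_incomplete_fix; do
        "$check"
        case $? in
            0) echo "$check: patched" ;;
            1) echo "$check: VULNERABLE, update the bash package and re-run" ;;
            *) echo "$check: bash not found" ;;
        esac
    done
    "$BASH_BIN" --version 2>/dev/null | head -n 1
}
report
```

Both checks should report `patched` before you consider the server fixed; if either reports `VULNERABLE`, update the bash package again and re-run.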

SD Internet Marketing clients have nothing to worry about. We have already taken the necessary steps to secure your servers and websites, but if you have any questions about the vulnerability or if you need help patching your server, feel free to contact us. We’re here to help you.

Elizabeth Rosales
author
