Friday - Sep 22, 2017

Shellshock Bug: Everything You Need To Know


On the 24th of September, millions of servers were revealed to be at risk following a series of digital attacks that sought to expose a vulnerability in computer software. The risk is said to extend from average, everyday users right through to government websites.

The weakness was dubbed the Shell Shock bug, which gets its name from the Bourne Again Shell (commonly abbreviated to BASH), and is said to be just as dangerous as April’s Heartbleed bug, if not more so.

Operating Systems Are Taking a Bashing

BASH is a command-line shell used on a variety of operating systems, including Linux, Unix and, most surprisingly, the usually bug-free Mac operating system. The shell isn’t simply used by computer operating systems, though; it is also used by a number of web servers, which puts a lot of sensitive websites at risk.

If BASH is running as the system’s default shell, the system runs the risk of being infiltrated.

As soon as the bug became known, expert ‘hackers’ were exploiting the security of users’ systems. Unlike previous bugs, which allowed the hacker to simply access files on other computers, the Shell Shock bug allows the hacker to actually execute commands on remote computers.

As with most bugs that leave systems easy to exploit, it is widely expected that a worm (a malicious, self-spreading piece of software) is likely already in development. Worms are used to speed up the process of systematically isolating and identifying weaknesses in various systems.

What’s Being Done About It?

Apple and Akamai have both issued reports stating that they are working quickly on upgrading their security to prevent any vulnerabilities. Akamai have also suggested that users of Linux, Unix and Mac OS X update their systems to use the latest version of BASH. Alternatively, it has been suggested that people try to use different shells.

The Heartbleed bug was, according to specialists, a lot less serious, given that it only affected very specific versions of OpenSSL, whereas the Shell Shock bug has been hidden in versions of BASH that go back almost 25 years.

Obviously, most people don’t use older operating systems, but anyone who isn’t using the most up-to-date version of the shell on Linux and Unix systems will be at risk from hackers attempting to take advantage of the bug.

What Can I Do About It?

Understandably, a lot of people, especially businesses with sensitive information, are extremely worried about the bug, and many aren’t entirely sure how best to counteract it and update their security. With Linux’s Apache comprising over half of the net, a large number of people are at risk.

Bugs like this can be confusing to users without advanced knowledge of computing systems, so it is always advisable to seek IT support from people with expert knowledge who can lead you through the steps to secure your system.

We have yet to see the ramifications of this bug and what it could ultimately lead to. The potential devastation is still unknown, so we believe it is best to play safe and to update any systems where you can.

Damian Coates is the Commercial Accounts Director for one of London’s leading IT support companies, Utilize. Damian believes that it is important for everybody to keep up-to-date with bugs and viruses that could potentially leave sensitive data exposed.