Beta Brain - Shellshock

By Paula, September 25, 2014


Many are calling the new web vulnerability Shellshock. I don’t see how another weakness comes as a shock to anyone, but I must admit it sounds much better than “Bug in Bash” (which could easily be mistaken for a Dr. Seuss book).
 
This vulnerability could pose an even bigger threat than Heartbleed. Bash is the software used to control the command prompt on many Linux- and Unix-based computers, and hackers could exploit it to take complete control of a targeted system. Many web servers are Linux-based. Apple’s Mac OS X is Unix-based.
 
You may not have realized this yet but if you are reading this on your iPhone or iPad, you too are exposed to Shellshock.
 
What to do now?
 
Many of the major vendors have been issuing patches. It is extremely important to confirm that your network administrator has the right patch management process in place so that all your systems have the latest patches.
 
At the time this news went to press (I always wanted to be a journalist and say this!), Apple had not yet patched Bash.
 
You can check if your system is vulnerable by typing this at a terminal prompt:
 
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
 
If your system is vulnerable, you’ll get this response:
 
vulnerable
this is a test
 
If your system is patched, you’ll get this:
 
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
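
The same check wrapped in a script, as an added example that is not part of the original post: it runs the probe against each bash binary it finds and classifies the output. The function names and candidate paths are assumptions; a bare "this is a test" with no warning lines is also treated as patched, which is what later bash releases print.

```shell
#!/bin/sh
# Added example (not from the original post): run the article's probe against
# bash binaries and classify what comes back.

# classify_output TEXT -> prints vulnerable | patched | inconclusive
classify_output() {
    # A line consisting only of the marker means bash executed the command
    # that trails the function definition while importing variable x.
    if printf '%s\n' "$1" | grep -qx 'vulnerable'; then
        echo vulnerable
    # The test line without the marker, with or without the warning lines,
    # means the trailing command was not executed.
    elif printf '%s\n' "$1" | grep -qx 'this is a test'; then
        echo patched
    else
        echo inconclusive
    fi
}

# check_bash PATH -> classify one bash binary
check_bash() {
    if [ ! -x "$1" ]; then
        echo inconclusive
        return 0
    fi
    # Same probe as above; stderr is merged so the warning lines are captured too.
    out=$(env x='() { :;}; echo vulnerable' "$1" -c 'echo this is a test' 2>&1) || true
    classify_output "$out"
}

# With no arguments, try a few common install locations (assumed paths).
if [ "$#" -eq 0 ]; then
    set -- /bin/bash /usr/bin/bash /usr/local/bin/bash
fi
for b in "$@"; do
    if [ -e "$b" ]; then
        printf '%s: %s\n' "$b" "$(check_bash "$b")"
    fi
done
```

A machine can carry more than one copy of bash, so pass every path you know of as arguments and patch each one that reports vulnerable.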
