Homeland Security issues warning of elevated security risk from an online worm “bash bug”. If you own a mac computer, you are waking up to the potential of massive damage from one your first worries that historically affect windows computers. This time the opposite holds true. Nearly every major system from Apple Mac OS, Android, Linux and Unix servers and major web servers like Apache are threatened – not windows-based computers. Apple has stated that a vast majority of Mac computer are not affected and it is limited to systems which have been altered for server and other outside access but is working on a patch.
What is the “bash bug” aka “shellshock”?
- attackers can potentially take over the device’s operating system, access confidential information and use it as if it were their own.
- the worse case scenarios show potential vulnerability in systems that run power plants, medical devices, municipal water systems. On the annoying end, mac computers and android devices could be taken over through public wifi such as those found at coffee shops and airports.
- serious enough that homeland security has issued venerability warning
What we know about “shellshock / bash bug:
- let’s attackers take over the devices operating system, access confidential information and use it as if it were their own.
- apple mac computers, android devices and big computer systems using unix, linux, apache
- most serious worse case risks to in systems that run power plants, medical devices, municipal water systems.
- you can be affected directly on mac computer attached to a public wifi hotspot such as a coffee shop or airport
- discovered by a stephane chazelas of alkamai technologies
- does not affect windows computers.
What you need to do right now:
- if you are responsible for large scale computer systems, you need to respond to the homeland security vulnerability bulletin and seal out this threat.
- as an employer or an owner, you might want to rely on a reputable cloud infrastructure (like Linode) to build, host the applications and data, and avoid these security issues.
- for most people using a apple mac or android device, you need to stay off of public hotspots until a patch is made available and updated on your device.
- be on lookout for related phishing scam that arrives in the form of an email offering to clean or fix your device from this threat. Do not respond to this or link from this email.