What is the “bash bug” aka “shellshock”?
- attackers can potentially take over the device’s operating system, access confidential information and use it as if it were their own.
- the worse case scenarios show potential vulnerability in systems that run power plants, medical devices, municipal water systems. On the annoying end, mac computers and android devices could be taken over through public wifi such as those found at coffee shops and airports.
- serious enough that homeland security has issued venerability warning
What we know about “shellshock / bash bug:
- let’s attackers take over the devices operating system, access confidential information and use it as if it were their own.
- apple mac computers, android devices and big computer systems using unix, linux, apache
- most serious worse case risks to in systems that run power plants, medical devices, municipal water systems.
- you can be affected directly on mac computer attached to a public wifi hotspot such as a coffee shop or airport
- discovered by a stephane chazelas of alkamai technologies
- does not affect windows computers.
What you need to do right now:
- if you are responsible for large scale computer systems, you need to respond to the homeland security vulnerability bulletin and seal out this threat.
- as an employer or an owner, you might want to rely on a reputable cloud infrastructure (like Linode) to build, host the applications and data, and avoid these security issues.
- for most people using a apple mac or android device, you need to stay off of public hotspots until a patch is made available and updated on your device.
- be on lookout for related phishing scam that arrives in the form of an email offering to clean or fix your device from this threat. Do not respond to this or link from this email.
Get strong protection for all of your devices
Now more than ever it is important to have good antivirus protection and security on all of your devices. See my review of the best antivirus protection software and apps including the top pick TotalAV.