As we have discussed in previous blog posts, technology is constantly under the threat of new attacks orchestrated by dedicated cyber criminals.
The latest threat to be discovered is named Shellshock, and experts are tipping this bug to be more damaging than the recent Heartbleed Bug.
Shellshock Bug Explained
This is a very complex threat but to put it quite simply, PC Advisor have described Shellshock as a flaw in a software component known as Bash.
Bash is a command line shell which allows users to launch applications by typing text commands.
It has been revealed that a flaw in the software allows malicious code injected into the Bash shell to take over an operating system and therefore gain access to data.
Typically, Bash is installed on non-Windows operating systems such as Mac, Unix and Linux, and it has been around since the late 1980s. As well as being a command interpreter, Bash can also be used as a parser for CGI scripts, which is the way many websites are able to display dynamic content.
This is important as CGI scripts are often executed on Apache, which is one of the most common kinds of web servers in the world. Approximately 50% of web servers run Apache, which indicates they may run a version of Bash on them, so it’s easy to see the scale of the issue.
Through gaining access to the command line, hackers gain entry to the entire online environment of a machine and are therefore able to publish their own malicious code, access internal data and reconfigure environments for their own use.
Does Shellshock Affect Me?
If you are running Mac, Linux or Unix on your machines, you may be at risk, as may web servers running the Apache software. It’s also worth keeping in mind that Bash can be installed with other programs, which means that Windows machines could also be at risk, even though Bash is not installed by default.
To make matters that bit worse, almost every version of Bash is vulnerable, which equates to about 25 years’ worth of Bash installs.
For now, however, the biggest target appears to be web servers rather than regular users. If you are responsible for maintaining your own web server, you can check to see if you are vulnerable using the Shellshocker tool.
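A local check for the flaw described above, added here as an example (it is not from the original post or from the Shellshocker tool): it hands each Bash binary on the machine an environment variable holding a function-style definition followed by a harmless echo, and reports whether that echo ran. The function names and the marker string are assumptions made for this example.

```shell
#!/bin/sh
# Added example: harmless local probe for the Bash flaw described above.
MARKER="SHELLSHOCK_PROBE_FIRED"   # constructed marker, printed only if the flaw exists

# probe_fired OUTPUT: succeeds when the probe's trailing command actually ran.
probe_fired() {
    case $1 in *"$MARKER"*) return 0 ;; *) return 1 ;; esac
}

# check_bash PATH: 0 = probe did not fire, 1 = vulnerable, 2 = no executable there.
check_bash() {
    [ -x "$1" ] || return 2
    # The variable's value looks like a function definition followed by an
    # extra command. A vulnerable Bash runs that extra command while importing
    # its environment; a patched Bash treats the whole value as plain text.
    out=$(env "probe=() { :;}; echo $MARKER" "$1" -c ':' 2>/dev/null) || true
    if probe_fired "$out"; then return 1; fi
    return 0
}

# list_bash_candidates: Bash paths named in /etc/shells plus common locations.
list_bash_candidates() {
    {
        if [ -r /etc/shells ]; then grep -E '/bash$' /etc/shells || true; fi
        printf '%s\n' /bin/bash /usr/bin/bash /usr/local/bin/bash
    } | sort -u
}

# report: print one line per Bash binary found on this machine.
report() {
    list_bash_candidates | while read -r b; do
        rc=0
        check_bash "$b" || rc=$?
        case $rc in
            0) echo "$b: probe did not fire" ;;
            1) echo "$b: VULNERABLE, install the Bash update" ;;
        esac
    done
}

report
```

A clean result means only that this one probe did not fire; installing the operating system's Bash update is still the fix.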
The best advice for regular PC users is to wait for your operating system to issue an update containing a patch for Bash, and install the update as soon as it’s available.