The Shellshock Bug – Hype or Reality?


By David Hone, Security Specialist, Netutils

dave_h_colourViews expressed in this post are original thoughts posted by David Hone. These views are his own and in no way do they represent the views of the company.

So what exactly is Shellshock (CVE-2014-6271) aka the ‘Bash Bug’ and should you believe the hype?

You may not believe that your organisation will be affected by this security flaw because you don’t run Linux, Solaris or Unix systems, but you may want to reconsider.

Let’s cut through the hype and consider exactly what Bash is and what functions it provides in a computer.

Bash stands for Bourne-Again Shell. In essence the Bash function provides the interface between the user and the computer. Its core function is to interpret what you type and allows the computer system to action these commands.

Bash also provides the ability to script commands, scripting being used to automate a number of steps. For example you could command a Bash shell which creates a script to discover all your database files and then copy them to a database located somewhere else in the world.

The key part to understand is that as the Bash shell is text-based the commands could be initiated from a remote computer and doesn’t necessarily have to be connected to a local keyboard. This allows IT departments / individuals to action commands from anywhere in the world. While Bash is interpreting the physical commands inputted by a user the final point to highlight (and this is one that most people overlook or simply do not consider for any number of reasons) is that as individuals, consumers and businesses we are surrounded by computers of all types (commonly referred to as ‘the Internet of things’) that are often connected to the Internet undertaking activities and processes of which we often have little understanding or knowledge.

The Bash Bug vulnerability allows an attacker to remotely execute commands, attacking scripts which have been written in Bash.

For more see http://www.vox.com/2014/9/25/6843949/the-bash-bug-explained

How can you identify which of your devices are vulnerable to this type of attack, the impact, and what you should do to protect your business and private data?

If you have not done so already you should start by implementing a full audit of all devices connected to your network. This should include everything from the routers provided by your internet service provider to any device that your users attach to the network.  It is common practice for manufactures to build ‘the internet of things’ with open source software, so almost any device from the modern fridge, to the ISP’s router, or indeed the core routers and switches in your network are all likely to have a custom built Linux/Unix  operating system derived from a common open source technology which includes the Bash application and therefore all these devices are potentially vulnerable to this attack and are targets for attackers to hijack for any number of illegal activities. 

So how can Netutils help? We specialise in providing networking, security solutions and consultancy and pride ourselves on providing our customers with the highest quality of immediate actionable independent advice and solutions to solve current business security needs. If you have any concerns about the impact of the Bash Bug in your organisation we urge you to get in touch, we are very happy to discuss possible fixes for you and your organisation.

This entry was posted in Uncategorized by Vanessa Cardwell. Bookmark the permalink.

About Vanessa Cardwell

I'm a marketing communications professional working within the technology industry for a great reseller called Network Utilities. Network Utilities (Systems) Ltd have been providing identity centric network and security solutions to organisations ranging from Telecoms and ISPs to large corporates and SMEs for over twenty years. Partnering closely with both industry leading and niche technology vendors to bring customers the best solutions the industry has to offer. I communicate every day with our customers & prospects to keep them up to date on the latest industry news and information on the products and solutions from our portfolio and I'm motivated by any new marketing techniques and methods we can use to do this. There's lots of great content posted regularly on our blog to help organisations like yours find the right IT security solution for you and your business. You can stay up to date by: • Following us on twitter @networkutils • Visiting our website www.netutils.com • Following our blog https://netutilsblog.com/

One thought on “The Shellshock Bug – Hype or Reality?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s