Tailored Cyber Security.

Shellshock

I know there was a trend of remote access going on. However, it’s time
to break and talk about some current events. Heartbleed should ring some
bells for people that keep up with cyber events. For those who don’t
have a clue what that is; there was a bug in OpenSSL which is used to
secure communication by a lot of programs. That means that for specific
sites, even when you had HTTPS in the bar your data could be identified.

So,
why do we care about Heartbleed? Shellshock is the next story up.
Shellshock is a big of a bug as Heartbleed was. Now here’s the kicker,
it isn’t new. This bug is theoretically decades old! Let me back up.
Here is a good overview: http://red.ht/1msy8D6.

This
is a blast back to our conversation about Linux being vulnerable to
malware too. If you didn’t read or understand the quick blurb at the
link above, I’ll give you a summary. Linux’s primary shell, BASH, can be
exploited through environment variables to run commands. This means,
someone can go to a website that is vulnerable to this and supply
specific information and essentially own the computer.

How does
this effect the everyday user? It may not. However, it does pose a
possible issue. Your data could be at risk should it be on a server
vulnerable to Shellshock. The bad news is that you can’t do much about
it as a user. Have questions? Let me know. Hit me up at fracsec@gmail.com!

Leave a Reply