Tech Made Simple

Hot Topics: How to Fix Bluetooth Problems | How to Cut the Cable Cord | Best Fitness Trackers Under $50 | Complete Guide to Facebook Privacy

Top News Stories

author photo

What You Need to Know about the 'Shellshock Bash' Bug

by on September 26, 2014
in Computer Safety & Support, News, Computers and Software, Internet & Networking, Blog :: 6 comments

Computer security threat Security researchers from around the net are sounding the alarm over a recently discovered computer bug named Shellshock (Bash). It’s a massive security hole that's arguably worse than the Heartbleed bug from earlier this year. Here’s what you need to know about this new threat, and what you need to know to stay protected from the fallout.

What is Shellshock (and Bash)?

Shellshock is a security hole located in a component of the Unix operating system called Bash that handles commands. Few computers these days run Unix itself – it’s an antiquated OS conceived many decades ago. But since Unix is the grandfather of the Linux and Mac OS X operating systems, they too contain the Shellshock Bash vulnerability. Nearly half of the webservers currently in operation run Linux, so that’s a very big problem.

The vulnerability would let hackers run virtually any command on the machine they want. A person could steal your personal and financial data from one of the many, many website servers that currently run a version of Linux. Or they could connect to your connected home network and turn on your Wi-fi home security camera (again, Linux-based) to spy on you. Or they could take over your MacBook. The possibilities are nearly endless, simply because the Shellshock bug can be exploited in so many ways.

How can you stay safe?

The biggest security implications of Shellshock deal with the webservers that house many of your favorite online sites and accounts. There's little you can do here other than wait for their administrators to patch the bug. The good news is that these holes are being patched quickly. Many already are.

Meanwhile, recognize that your home router, connected home devices and possibly your home computer could have the security hole, too. Keep an eye out for emails from your Internet service provider on the topic, in case you need to update the firmware on your router. Use common sense, however – some hackers may use this threat as an excuse to send phishing emails or to try and trick you into downloading malware to your computer.

If you own an Apple computer running OS X, it's vulnerable to the Shellshock Bash bug. (Windows-based PCs should be safe.) Make sure you install security updates to your operating system ASAP once Apple provides them. Of course, this should be standard operating procedure for most Techlicious readers, as it’s the first line of defense against compromises, known or otherwise.

Update (9/26): The computer security specialists at TrendMicro have released a set of free tools for those concerned about the Shellshock bug. They will let you know if a website you're visiting is vulnerable to Shellshock Bash. And for more advanced users and server administrators, patching and threat analysis tools are also available. You can access the free protection suite by visiting the TrendMicro website

More good news: Apple says the "vast majority" of OS X devices should be safe from Shellshock unless you have manually configured advanced UNIX services. If you're not sure what that means, your computer is probably fine. Still, Apple is promising to quickly release a security patch to addresses the issue for all Mac users; everyone should install it when it becomes available.  

[Vulnerable computer code via Shutterstock]



Discussion loading

gravatar

thanks

From nan on September 26, 2014 :: 11:55 am

I’m so happy you put this out. I am windows based, but received one of those phishing emails today. I deleted it because I had never heard of Shell shock before. Love that you keep me updated on these things.

Reply

gravatar

Linux/unix isn't antiquated, they release

From what on September 26, 2014 :: 12:38 pm

Linux/unix isn’t antiquated, they release new versions all the time and many flavors have a windows like interface.  I run it on my laptop as it is faster, doesn’t need a virus scanner and less prone to crashing than windows.  All chrome books (pretty new) are running linux.  Many phones run it. 

Yes most home users are running windows or mac, but that doesn’t mean linux is antiquated.  Clearly this article wasn’t written by someone with tech knowledge.

Reply

gravatar

Careful reading

From billcaz on September 26, 2014 :: 5:02 pm

Perhaps it’s just me but the author of this article did NOT ever state that Linux is antiquated; he observed that Unix is decades-old and rarely used but that it is the “Grandfather” of Linux and Mac OS operating systems.  His tech knowledge seems fine to me; your reading skills, not so much.

Reply

gravatar

unix antiquated?

From Randy Grein on September 26, 2014 :: 7:34 pm

Billcaz, it is just you. (sorry). First, he is incorrect that unix is the ‘grandfather’ of Linux and Mac OS. Mac OS is a mac shell and APIs on top of BSD unix (as is IOS) while linux is the son of unix, not the grandson. So it’s the second largest installed base behind linux (Android is a linux variant).
Second, he did state that unix is ‘antiquated’. The confusion was the paragraph was poorly written with multiple subjects, leading to confusion. In any case this was nothing more than troll bait. While unix predates PCs and all that it is far more accurate to call it ‘mature’, and even outside mac OS is used pretty much everywhere in big IT, as well as often in embedded systems.
I would say that the author’s tech knowledge is fairly good but he may lack some breadth and history. That is, unfortunately a problem with IT and tech; anything 5 years ago is so, so last century.

Reply

gravatar

unix remains for good reason

From sixpack on October 06, 2014 :: 10:11 am

yes linux and its variants has become prolific.  However backward compatibility is a huge issue for mainstream servers where upgrades must be accounted for while not requiring applications to be updated (yes applications still exist). 

Sun continues to provide that backwards compatibility with its unix operating system (Solaris) and savvy users recognise that where they have to accommodate legacy systems but put new hardware in.

Linux can be a nightmare for an enterprise because of the regular changes within the o/s and its effect on critical applications.

Unix is far from a dinosaur.  It’s just that web applications aren’t as demanding as many enterprise apps.

Reply

gravatar

Funny, we have a good-sized linux division

From Randy Grein on October 07, 2014 :: 2:22 am

It’s not as big as our Windows side, but is combined linux/unix - and runs far more than web applications. And yes, it is a large enterprise.

Enterprises that are serious about making money with linux (Amazon, google, expedia) use a uniform platform, at least in a silo.  They control their environment and have solved the problems you cite; it’s no worse (and often easier) than doing the same with Windows updates. ANYTHING can be a nightmare to manage when it’s not managed. (grin)

© 2015 Techlicious LLC. Home | About | Meet the Team | Sponsorship Opportunities | Newsletter Archive | Contact Us | Terms of Use | Privacy Policy

site design: Juxtaprose