By the DynaSis Team
Have you heard of “Shellshock”―the newest computer vulnerability to hit the news? If so, you may be wondering if your firm is at risk. Or, perhaps you heard that Shellshock doesn’t affect Windows devices, so you have dismissed it as a non-event for your office. In either case, we encourage you to read this alert.
Discovered on September 12 and made public on September 24, Shellshock (also known as Bashdoor) is actually a family of bugs in a program called Bash. Written more than two decades ago, Bash is a “command shell” program―it interprets commands from users and other computers and relays them to the machine on which it is installed. Experts now believe that the bugs in Bash may have been introduced into the software code accidentally in 1992.
Bash can run on devices and systems that use the Linux or UNIX operating systems or Apple OS X, but vulnerability doesn’t stop there. UNIX is deeply ingrained into the Internet, and experts estimate that as many as 70% of Internet-connected devices run Bash. It’s also used frequently in consumer electronics, from watches to cameras.
Here are the takeaways you need to protect your firm.
From a broader perspective, we find it deeply concerning that a software flaw could have existed for 22 years, undetected. It makes us wonder how many other “low-level” programs―perhaps that are also deeply ingrained in the Internet or other systems―have similar flaws.
To learn more about Shellshock or to discuss proactive software updates, vulnerability assessments and/or software audits, fill out our inquiry form or give us a call at (770) 569-4600.