What is ShellShock or Bash Vulnerability?

1 Comment

  1. I’ll kick this off to a start. I use Linux for my home production systems. On about September 22 news was released about ShellShock. In just over 24 hours I received an update that ‘hardened’ the vulnerability. That didn’t fix the problem but sealed it from access. In several following updates different parts of the problem were fixed. As it stands now, only those Linux systems that haven’t had patches applied are at risk. Linux desktop users such as myself who watch and apply updates are out of the woods. Web servers using Linux must have the patches applied also to be safe, but there’s no way for a web surfer to know what servers have been fixed or not. All it takes is for some lax behavior from any server masters and ShellShock is just as real and active as ever. Linux is used on most modems, routers, mobile devices, smart TVs and other equipment. It’s up to the software suppliers of these units to apply any patches needed in updates for consumers. But the question here is, how much affect can ShellShock have these units? Has your modem or router or whatever been updated? How can you tell? Is it important?
    Now for those on the Mac end. Mac is also a Unix base. There are very few Mac servers in active use and Apple has released some patches too. There is quite a discussion as to whether ShellShock on Mac will have much of an affect. To that, I say again, all it takes is for a surfer to visit just one unpatched Mac server.
    I have to question the knowledge of anyone who says that since this is a Linux/Unix problem it won’t affect Microsoft units. If the BASH shell can be compromised on a server, any code or script can conceivably be created. Many such bits can be launched at Microsoft systems.
    I’m protected on my Linux desktops through default protections on all my system files from attack and through my firewall, and since the patches there’s no possibility of anyone using the ShellShock problem on my systems. Even if I visit an unpatched server I don’t have a worry. Microsoft users, on the other hand …

Leave a Reply

Your email address will not be published. Required fields are marked *

5 + 6 =