If you are involved with cybersecurity in any fashion, then you know that yet another vulnerability has been discovered. However, this one could even be worse than The OpenSSL Heartbleed Vulnerability bug! Just a week ago a major security flaw was found in a UNIX based shell that is very well known as “Bash.” It is part of the operating system that is heavily based on UNIX which is also well known as Linux. The Mac OS system uses the basis of UNIX for its operating system. If you are using a Microsoft Windows operating system you are considered fine for now, until vulnerability is yet discovered. The vulnerability was discovered by a United Kingdom security UNIX expert named Stephanie Chazelas. Currently the vulnerability’s name is being called “Shell Shock.” (CVE-2014-6271) and (CVE-2014-7169).
Lack of cybersecurity talent poses major threat for national security
The odd thing about this newly discovered vulnerability is that it has been around and known for over twenty (20) years. However, no one had been able to develop exploits for the known vulnerability until now. Getting into the technical realm of the Bash Unix based vulnerability flaw, the vulnerability can be exploited in a created programming development environment by malicious actors that are well versed in programming and developing malware. The Bash vulnerability involves programming code variables which are executed as soon as the Bash shell is called for executing a program within the UNIX based operating system. It is simply some extra code that is found at the end of a function within a computer program. The Bash Shell is called to execute programs within the Linux operating system. The operating system software interacts with the Bash Shell all the time while the software program is running.
The scary thing is that this flaw and vulnerability is a lot larger than the OpenSSL Heartbleed bug that has plagued and is continuing to plague cybersecurity experts and researchers until this day. The Shell Shock vulnerability will be tough to patch because of the vast number of systems that interact with UNIX based operating systems such as a multitude of Mac OS systems in Apple based products. There are other types of UNIX based operating systems which are variations of the Linux operating system such as CentOS, FreeBSD, Debian and Red Hat.
The first steps in attempting to mitigate the Shell Shock vulnerability bug is to scan for older computer based services such as communications protocols of Telnet and FTP, older versions of Apache based servers and any older device that maybe running these services for operations such as video cameras and old surveillance equipment.
The Bash Shell Shock vulnerability comes to us right at the time that many devices are connected and communicating with each other, such as in the new subject area of “The Internet of Things.” The Shell Shock vulnerability has been around, but yet it is now exploitable with today’s knowledge and technology. It is essential to be vigilant and proactive to be able to safeguard your computer systems from this long twenty (20) year known vulnerability that has been newly discovered. Please use this link to further scan and take precautions of guarding your systems from “Shell Shock.” There are other provisions listed by known and popular vendors such as Cisco.