Shellshock Bug Causing Widespread Computer Chaos
By Jennifer LeClaire / CRM Daily
Shellshock is certainly living up to its name. Security analysts continue to weigh in on the severity but are now pointing toward solutions. Most security researchers believe the flaw, also known as the Bash (Bourne-Again Shell) bug, is bigger than Heartbleed, which affected two-thirds of the Internet.

Clearly, the bug is easy to exploit and the number of vulnerable programs is far greater than with Heartbleed, which has gone down in security history as one of the worst bugs ever. But we may not have seen anything yet. Brandon Edwards, Vice President of SilverSky Labs at cloud security firm SilverSky, told us to expect “chaos and mayhem” as the bad guys now rush to take advantage of Bash before it is patched.

“Major breaches are likely in progress as we speak. So what does it mean?” Edwards asked. “This vulnerability will likely continue to live on in unexpected places where no one has realized Bash is present, or which have no easy mechanism for patching. The Bash bug lets attackers directly execute commands/code and take control of the system, and exploitation is universal and incomprehensibly easy.”

Is Patching the Only Answer?

Users must patch, said Flavio De Cristofaro, Vice President of Engineering for Professional Products at network security firm Core Security. He told us some folks are recommending that users check whether or not they are running CGI (Common Gateway Interface) scripts -- but that is absolutely not enough.

“C++, Python, PHP and every other application that makes Bash calls are affected,” he said. “Other applications supporting DHCP, SSH -- restricted shell -- may be also affected, not only from a remote attack but also from a local privilege escalation perspective.”

De Cristofaro’s advice: patch, patch and patch. Patches are already available for most well-known systems, he said, or they will be available very soon.

“Some vendors published an early patch that was incomplete, and they had to publish a new fix today,” De Cristofaro said. “Putting aside Xnix distributions, companies will face significant challenges if they need to patch old systems or systems based on embedded devices like cameras, routers and ICS if they are running Bash. Fortunately, that shouldn’t be too common, since Bash is usually too heavy for systems like that.”

Why a Patch is Not Enough

John Prisco, CEO of Triumfant, an analytics firm that detects, analyzes and remediates malicious attacks, has a different take on the issue. He told us trying to solve this problem with a patch is old-school thinking.

“Our adversaries won’t fall for this ineffective approach. Their malware design strategy relies on speed and they can morph their attacks faster than a patch can be deployed,” Prisco said. “Anomaly discovery and remediation systems are the right tool to combat advanced attacks.”

The bottom line is something needs to be done. Waylon Grange, senior malware researcher at IT security firm Blue Coat, told us he’s seen attackers target the Shellshock vulnerability almost immediately after it was announced. It seems the general consensus is that patching is the first step but ongoing analysis is vital to detecting morphed malware.

“Any organizations or users with unpatched Linux servers are vulnerable to hackers running unauthorized code, so it’s very important that organizations download and apply the patch immediately,” Grange said. “Blue Coat is already seeing DDoS botnets trying to utilize this vulnerability in their attacks and we expect that traffic to only continue to increase. However, it is still early in the game and organizations need to be vigilant and make sure they take steps to protect themselves.”

Tell Us What You Think


Posted: 2014-09-26 @ 3:26pm PT
I love my Windows 8.

Posted: 2014-09-26 @ 10:52am PT
I agree with Ghosthunter007, creating hysteria is a surefire way for companies to make money. Stay calm and back away from the computer; you are not going to become part of a sinister botnet. Keep your Linux distribution updated and your finger off the panic button.

Posted: 2014-09-26 @ 10:19am PT
Bull. No chaos, easy to secure. Create a rule on your IPTABLES or Firewall / WAF that looks for "() {" then drop connection. End of story. This will get you by until a 100% patch fix is available. Security folks are just stirring the pot to make money.
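
The string match proposed in the comment above, applied to web-server access logs instead of a firewall rule. This is an added example, not part of the original article or its comments; the log lines are constructed (documentation IP ranges, payloads redacted) and the function name `find_marker_hits` is hypothetical.

```python
import re
from collections import defaultdict

MARKER = "() {"  # the string the comment proposes matching on

# Apache/nginx "combined" format:
# ip ident user [time] "request" status size "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Constructed sample input; payloads are redacted placeholders.
SAMPLE_LOG = """\
192.0.2.10 - - [26/Sep/2014:10:19:01 -0700] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.7 - - [26/Sep/2014:10:19:05 -0700] "GET /cgi-bin/status HTTP/1.1" 200 312 "-" "() { [payload redacted]"
198.51.100.7 - - [26/Sep/2014:10:19:06 -0700] "GET /cgi-bin/test.cgi HTTP/1.1" 404 209 "() { [payload redacted]" "-"
203.0.113.44 - - [26/Sep/2014:10:20:11 -0700] "GET /js/app.js HTTP/1.1" 200 901 "http://example.com/" "Mozilla/5.0"
not a log line
"""


def find_marker_hits(log_text):
    """Scan combined-format log text for the marker.

    Returns (hits, unparsed): hits maps source IP to a list of
    (timestamp, field_name, request_line); unparsed counts lines that
    did not match the log format and so could not be checked.
    """
    hits = defaultdict(list)
    unparsed = 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            unparsed += 1  # report these; a skipped line is a blind spot
            continue
        for field in ("request", "referer", "agent"):
            if MARKER in m.group(field):
                hits[m.group("ip")].append(
                    (m.group("time"), field, m.group("request"))
                )
    return dict(hits), unparsed


if __name__ == "__main__":
    found, skipped = find_marker_hits(SAMPLE_LOG)
    for ip, events in found.items():
        for when, field, request in events:
            print(f"{ip} {when} marker in {field}: {request}")
    print(f"{skipped} line(s) could not be parsed")
```

This scan only sees the fields the combined log format records, so it complements patching and does not replace it.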

© Copyright 2018 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.