Your IT Support Experts

We partner with many types of businesses in the area, and strive to eliminate IT issues before they cause expensive downtime, so you can continue to drive your business forward. Our dedicated staff loves seeing our clients succeed. Your success is our success, and as you grow, we grow.

Free Consultation

Interested in seeing what we can do for your business? Contact us to see how we can help you! Sign Up Today

  

USA Computer Services Blog

USA Computer Services has been serving small and medium sized businesses since 2012, providing IT Support such as technical helpdesk support, computer support and consulting.

Caution: New Bash Bug Vulnerability Might Leave You with Shellshock

b2ap3_thumbnail_bash_bug_vulnerability_400.jpgFor users of Unix-based operating systems, there's a new threat on the loose. The vulnerability, promptly called the Bash bug, or "shellshock," is targeting systems equipped with Linux and Mac OS X. The bug allows remote users to execute arbitrary code within the operating system.

The Bash shell, commonly called the "Bourne again shell," has been a consistent feature for Unix-based operating systems for over 20 years. The official security blog at RedHat elaborates how the bug in the Bash shell is taken advantage of:

In Linux, environment variables provide a way to influence the behavior of software on the system. They typically consist of a name which has a value assigned to it. The same is true of the Bash shell. It is common for a lot of programs to run bash shell in the background. It is often used to provide a shell to a remote user (via ssh, telnet, for example), provide a parser for CGI scripts (Apache, etc) or even provide limited command execution support (git, etc).

Complications can occur if the source code behind environmental variables has been altered before the bash shell is summoned. This allows arbitrary code to be disguised inside software and masquerade as something legitimate, when in reality the threat is hidden within programs and can alter the functions of the software. The most concerning way of exploiting this bug is to allow remote users to execute malicious code within the system. Due to the incredible amount of software out there which utilizes the bash shell, the potential damage this bug can cause is devastating.

Ever since the bug was revealed, hackers have been flocking to take advantage of it. There have already been several attacks utilizing the vulnerability, including denial of service attacks and botnets. Researcher Robert Graham has already detected 3,000 systems vulnerable to the bug, and estimates that the actual number of operating systems which could be attacked are several times greater. In a Twitter post, Graham says, "I think I was wrong saying that Shellshock was as big as Heartbleed. It's bigger."

Top security researchers are concerned, and you should be too, especially if you use Linux or Mac OS X on your business's networks and servers. Even if you don't, Bash script is used on a lot of mobile software, putting most Internet of Things technology at risk of compromise. In fact, the threat is so huge that the United States Computer Emergency Readiness Team (US-CERT) has issued an alert to the masses: download the patch before the Bash bug infects your systems. The last time the US-CERT issued an "alert" on their official security website was for the Backoff Point-of-Sale malware, which targeted sales terminals and stole credit card numbers from plenty of individuals across the globe.

Patches are coming in slow and steady, but they aren't enough to keep up with the bug. While patches have been issued, the are not complete. However, RedHat still suggests that you use the partial patch until the complete one has been released. USA Computer Services can help your business take advantage of the patch, and we can offer you assistance with protecting your business's network from the attack. Just call us at (704) 665-1619.

Automation: Is it Suffocating Real-World Talent?
How One Business Owner is Fighting Yelp in the Mos...
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Guest
Monday, December 23, 2024

Captcha Image

Customer Login

Contact Us

Learn more about what USA Computer Services can do for your business.

Headquarters:
525 North Tryon St. #1600
Charlotte, NC 28202

Additional Location:
859 Willard St #400
Quincy, MA 02169
Additional Location:
60 State Street #700
Boston, MA 02129