Blog

Network Synergy Blog

Network Synergy has been serving the Trumbull area since 1988, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Alert: Don’t Get Hit with Shellshock by the New Bash Bug

b2ap3_thumbnail_alert_bash_bug_400.jpgA new malicious threat in the technical marketplace has just been discovered. The bug, dubbed the Bash bug, or "shellshock," is on the loose for users of Unix-based operating systems, like Linux or Mac OS X. It allows the execution of arbitrary code on affected systems, and could potentially be very dangerous for your business. In fact, CNet is calling it "bigger than Heartbleed."

Bash, which is commonly referred to as "Bourne again shell," is a staple feature of most utilities in Unix-based operating systems. RedHat's official security blog details the nature of the bug in the Bash shell:

In Linux, environment variables provide a way to influence the behavior of software on the system. They typically consist of a name which has a value assigned to it. The same is true of the Bash shell. It is common for a lot of programs to run bash shell in the background. It is often used to provide a shell to a remote user (via ssh, telnet, for example), provide a parser for CGI scripts (Apache, etc) or even provide limited command execution support (git, etc).

The problem is found in the environmental variables with specific values being used before the bash shell is summoned. These variables can contain code which is executed as soon as the bash shell is called. The name doesn't matter, so the content could be disguised as another, non-malicious variable. The most concerning vulnerability this bug provides is the ability for remote users to execute malicious code before the bash shell is activated.

Attacks have already been reported utilizing this vulnerability for a number of functions, including denial of service attacks and password-guessing bots, which randomly input poor password choices on unprotected servers. Researcher Robert Graham has located at least 3,000 systems vulnerable to the bug with a fairly specific search, and it is estimated that several times more machines could be vulnerable to this bug. This makes the threat very real, and if you use Linux or Mac OS X, your business's networks and data are at risk.

The threat is such a big deal that the United States Computer Emergency Readiness Team (US-CERT) has warned the public to download the patch before it infects their systems. To put it in perspective, the last vulnerability to make "Alert" status was the Backoff Point-of-Sale malware discovered in late July this year, which was able to steal sensitive information through sales terminals across the world.

While a patch has been released, it doesn't fix all vulnerabilities presented by the bug. However, it is still recommended by RedHat that you acquire the partial patch until the complete one has been issued. For help acquiring the patch, call Network Synergy at (203) 261-2201. We'll apply it remotely so you have to worry as little as possible.

Tip of the Week: How to Reorganize Your IT Infrast...
Are You Sure Your Former Employees Won’t Stab You ...
 

Comments 1

Susan Taylor on Saturday, 20 July 2019 09:22

I might want to thank you for the efforts you have made in writing this article. I trust a similar best work from you later on also. Truth is told your creative writing capacities have motivated me to begin my own blog now. Truly the blogging is spreading its wings quickly. Your write up is a fine example of it. It was crystal clear continue sharing. To know more you can use this best essay service to having a superb help in writing and even they can guide well in your writings.

I might want to thank you for the efforts you have made in writing this article. I trust a similar best work from you later on also. Truth is told your creative writing capacities have motivated me to begin my own blog now. Truly the blogging is spreading its wings quickly. Your write up is a fine example of it. It was crystal clear continue sharing. To know more you can use this [url=https://clazwork.com/how_it_works.php]best essay service[/url] to having a superb help in writing and even they can guide well in your writings.
Guest
Already Registered? Login Here
Guest
Sunday, 24 November 2024

Captcha Image

Contact us

Learn more about what Network Synergy can do for your business.

Network Synergy
126 Monroe Turnpike
Trumbull, Connecticut 06611

Network Synergy Corporation BBB Business Review

Best IT Managed Service Providers in Bridgeport aicpa logo net syn

News & Updates

Network Synergy is proud to announce the launch of our new website at www.netsynergy.com. The goal of the new website is to make it easier for our existing clients to submit and manage support requests, and provide more information about our services for ...

Copyright Network Synergy. All Rights Reserved.