If you thought Heartbleed was bad, you might be surprised to know that Shellshock has the potential to be significantly worse.
Shellshock is without question the most complex and hearty security threat to hit the internet in a very long time.
Yes, Heartbleed was a serious threat last year, but Shellshock poses a much larger and much more daunting threat to both the general operation and the security of our entire wired infrastructure.
There are a lot of questions surrounding the threat as a whole, though. How does it work? Who will it impact? How can you protect yourself from the superbug? And most importantly, what are companies doing to protect themselves from the threat that is Shellshock?
Putting a lot of this information in simple English can be a challenge, but even if you don’t understand all of the technical lingo that’s associated with Shellshock, it is worth having an understanding of what this superbug can do, how it does it, and what you and others can do to protect yourselves.
How it works:
In simple terms, Shellshock is the exploitation of a bug in Bash. Think of Bash as the “doer” of your commands: when you execute a command on a computer that uses Bash, Bash is what carries it out. It also helps to understand what Bash is not: it isn’t an operating system, and it isn’t on every computer.
Linux systems are most at risk of attack via Shellshock, and that really limits the “at home” impact, since few home systems would ever run Linux. Windows systems aren’t vulnerable in any way, though some speculate that the router you are connecting through could become compromised, and that could initiate a series of problems.
However, once a system has been compromised, in theory absolutely anything on it is up for grabs, including complete control over the system, and that is the real and significant problem associated with Shellshock.
While anyone running a modern version of Mac OS X or Linux is at risk, if you’re a typical home user of a computer, and aren’t running any super-sensitive or super-expansive tests, there isn’t a lot of risk involved.
That doesn’t mean that you can’t be attacked. It just means that if you use a firewall, like most home users do, and pay even just marginally close attention to what you’re doing on your computer locally, you will be fine. And if you’re running a Linux system, updates and patches have already been released.
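To confirm that the Bash on a Linux or Mac system has actually received those updates, a local check like the one below can be run. It is an added example, not part of the original article. The function names, the marker text and the list of install paths are assumptions made for illustration. A clean result covers the original form of the flaw only, so it does not replace installing current updates.

```shell
#!/bin/sh
# Added example (not from the original article): checks whether a bash
# binary still has the original Shellshock flaw. It runs only against
# binaries on the local machine and changes nothing on the system.

# shellshock_check BASH_PATH -> 0 patched, 1 vulnerable, 2 cannot be run
shellshock_check() {
    bash_bin=${1:-bash}
    command -v "$bash_bin" >/dev/null 2>&1 || return 2
    marker="SHELLSHOCK_PROBE_$$"   # constructed marker text
    # The variable's value looks like an exported function followed by an
    # extra command. An unpatched bash runs that trailing command while it
    # starts up; a patched bash treats the whole value as plain text.
    out=$(env "probe=() { :; }; echo $marker" \
          "$bash_bin" -c 'echo finished' 2>/dev/null) || return 2
    case $out in
        *"$marker"*) return 1 ;;
        *finished*)  return 0 ;;
        *)           return 2 ;;
    esac
}

status_label() {
    case $1 in
        0) echo "patched" ;;
        1) echo "VULNERABLE" ;;
        *) echo "not runnable" ;;
    esac
}

# scan_bash_binaries PATH... -> prints one line per binary found and
# returns 1 if any of them is vulnerable. More than one copy of bash can
# be installed, and updating one does not update the others.
scan_bash_binaries() {
    worst=0
    for b in "$@"; do
        [ -x "$b" ] || continue
        rc=0
        shellshock_check "$b" || rc=$?
        echo "$b: $(status_label "$rc")"
        [ "$rc" -ne 1 ] || worst=1
    done
    return "$worst"
}

# Install locations below are assumptions; add any others you use.
scan_bash_binaries /bin/bash /usr/bin/bash /usr/local/bin/bash ||
    echo "At least one bash needs updating."
```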
As for the hardware I mentioned before, specifically routers, which are the devices that conduct and hone our Wi-Fi connections in typical households, the first and only thing you need to do is consult your manufacturer’s website and ensure your firmware is up to date.
What are companies doing?
Most companies have reacted quite simply and thoroughly to the bug. While the bug does pose a significant threat should the bad guys really get going with writing the code that will eventually be used to attempt to take over or crush larger systems, the threat in this very moment is minimal.
Companies are doing a very good job of providing updates wherever they need to be, whether it’s a firmware update to the hardware or a software update to better the quality of security on an entire operating system, as has been seen with Linux and Mac.
Generally, the important thing to remember is that prevention is the best method of remaining virus free. The flaw itself isn’t a virus. It’s a flaw that can be exploited within Bash. Companies cannot delay their reaction to Shellshock because of the potential catastrophe it could cause.
Shellshock could do a level of damage that we haven’t ever seen before on the internet and in the modern technology world.