A major coding flaw discovered recently affects Unix-based computer systems. Since 1992 a vulnerability has existed in the Bash software that allows for command lines and scripts to be exploited. With the recent Shellshock Bash attack vectors announcement, several patches were quickly deployed in an attempt to combat this global cybersecurity attack in the Bash Unix command-line interpreter. Red Hat developed and shared a slightly different patch than the upstream patch because Red Hat believes it's a much more effective patch [1].

 

For those not sure of the widespread risk of Shellshock, the industry is comparing this issue to Heartbleed.

 

Apple Issues Patch for OSX

 

To complicate things even further, many Macintosh laptop and desktop users are also feeling the stress and frustration since Bash can affect the Unix-based operating system, including OSX. As promised, Apple has issued a patch for Macintosh users. The company also states that most users will not be affected. Hopefully, that will be the case.

 

The Medical Community is also a Target

 

The impact of this cybersecurity attack can be extensive since Linux is used in diverse situations such as servers, consumer routers and embedded electronics including medical devices to industrial equipment.

 

Yahoo Falls Victim

 

The potential risk in the medical community is of concern because many devices run embedded operating systems. An editorial in Information Week Healthcare raised the issue that this will be the beginning of an ongoing trend that the industry needs to address. The article also brings up the need for medical device manufacturing standards [2].

 

Retail on Alert

 

According to cybersecurity expert, Jonathan Hall, two Yahoo servers were compromised by the BASH breach in technology security. The problem was Yahoo's use of an old version of BASH server technology. Hall said the hackers were searching access points within the network for the popular Yahoo! Games and its millions of fans. This information security breach was confirmed by Yahoo [3].

 

Based on directives from ComplianceGuide.org, customers should keep systems updated, carefully monitor server activity and logs for any type of malicious or atypical activity to protect user data. It's important to limit the level of services on the web and stay abreast of patches which should be applied immediately. There are still many unknowns for the payment card industry (PCI) and point-of- sale (POS) making it even more important to secure identity and access management [4].

 

References:

[1] https://securityblog.redhat.com/

[2] http://www.informationweek.com/healthcare/security-and-privacy/shellshocks-threat-to-healthcare/a/d-id/1316145

[3] http://www.independent.co.uk/life-style/gadgets-and-tech/news/shellshock-romanian-hackers-are-accessing-yahoo-servers-claims-security-expert-9777753.html

[4] https://www.pcicomplianceguide.org/shell-shock-bash-bug-what-we-know/

Tags:
News
Jacqueline von Ogden
Post by Jacqueline von Ogden
October 9, 2014
Since 1999, Jacqueline has written for corporate communications, MarCom agencies, higher education, and worked within the pharmacy, steel and retail industries. Since joining the tech industry, she has found her "home".