Is Your Webserver Vulnerable To SHELLSHOCK ?
Adam Milton-Barker | Sep 26, 2014 | Web Apps, Security & Hosting | 4235 Security is something that plays a major part in our day to day life. As a developer it is my job to do everything I can to ensure that the systems that are provided through TechBubble and oIsCore are secure for clients and their clients. Earlier this year there was the discovery of a world wide cyber vulnerability known as the Heartbleed Bug which was a global issue that affected millions, and probably billions of people. The bug was a vulnerability in a cryptographic software called OpenSSL which is very popular with web admins around the world. The security updates that I carried out in June ( https://www.techbubble.info/blog/online-security/web/entry/TechBubble-SSL-Report-Grade-A-plus-Security ) . Helped to overcome the vulnerability and also enhanced the overall security of our server taking it from a C to an A+. More recently there has been a major new discovery of a bug that could of been around for the last twenty years. ShellShock uses Bash scripts to communicate with vulnerable servers. Once they have accessed a server they can launch programs and basically do a lot of bad. Although this bug targeted at only web admins and hosting companies, it is a lot more dangerous than The Heartbleed Bug. If you are a web admin please follow the instructions in the following links. I did last night and found out that our server was infact vulnerable. After following the instructions provided I updated Bash and the issue was resolved. http://lifehacker.com/how-to-check-if-your-mac-or-linux-machine-is-vulnerable-1639211806 http://www.linuxnews.pro/patch-bash-shell-shock-centos-ubuntu/ If you are a customer that has an online presence this is important for you to know, please contact your web developers and insist that your hosting environment be updated if it has not yet already been.