The “Shellshock” Bug – Bigger Than Heartbleed?

If you are an IT professional, then the mayhem following the exposure of the Heartbleed vulnerability is probably still fresh in your mind. Though only a few months have passed since that exposure in April, a new bug has recently surfaced. Last Wednesday, a major flaw was discovered in the Bash shell, one of the most widely used utilities in Linux – and experts are worried that it may actually present a bigger problem than Heartbleed. In the words of Securosis, an information security research firm, Bash is “the most popular command-line shell program in the UNIX world, installed on pretty much anything and everything,” and it appears that this bug may have existed for upwards of 20 years. Dubbed the “Shellshock” bug, this fatal flaw is a vulnerability in Bash that will allow attackers to remotely hijack any affected machine. While Heartbleed was difficult to use effectively, Shellshock is quite simple.

How Far-Reaching Could This Problem Become?

When a vulnerability like this one is exposed, it’s impossible to know exactly what might happen, since there are so many factors involved. This can lead to an exploit being virtually ignored, putting many companies in danger as they wait for a patch that will close the vulnerability. In real numbers, consider this: Shellshock has the potential to affect approximately 500 million websites, which constitutes about half of all websites in existence, in addition to billions of devices and servers in data centers that are connected to the Internet around the world.

What Can You Do?

Much like Heartbleed, this flaw can be fixed through the application of a patch (currently there is an incomplete version available). Though this seems like a simple fix, there are so many affected devices in existence that unpatched/vulnerable servers and devices will likely continue to exist long after a final patch has been released.

If you’re getting ready to upgrade or refresh your data center equipment, now is the time to patch all of your active systems – the new ones in addition to any old ones that you will be retaining. For help with data security for decommissioned or offline devices, and to speak with an ITAD vendor about data security during a data center refresh, contact or call Lifespan at (888) 720-0900.
