The Heartbleed security flaw from a few months ago may have put everyone on edge about internet security, and it’s a good thing it did. The response to the most recent bug has been a lot more low-key, possibly because we were all a little more prepared for it, even while it seems to have affected potentially more users than Heartbleed.

Called Shellshock, or the Bash Bug for the way it operates within the Bash shell, this new issue was discovered on September 24th, and news of the problems it could cause circulated quickly. Basically, anything that a legitimate user of a Bash shell-enabled computer, server, or device can do, an attacker can also do remotely.

While the good news is that many average consumers don’t engage in all the behaviors that make Shellshock a true threat to their data, the bad news is that the vulnerability that made hacker access possible was specifically exploited to breach computers that are connected to a server. This means that businesses and corporations that store a lot of gathered data are the most at risk, putting consumers’ personally identifiable information in danger, too.

When the Shellshock or Bash Bug was first uncovered, the early estimates were that somewhere in the neighborhood of several hundred thousand servers were vulnerable, but some industry watchers are already saying that this number might be a little low. The real danger from this bug is that the hacker can have all of the same access that a legitimate user can have, and can therefore theoretically insert code or software into the system without calling attention to it, meaning the breach may go unnoticed indefinitely while hackers quietly access information from the server.

Much like Heartbleed, it’s thought that the Bash Bug has been in place for a long time and has simply been overlooked; it’s possible, but unknown at this point, that individuals have already exploited the bug sometime in the past and simply not said anything about it. Unlike Heartbleed, though, which is thought to have been in place for only a handful of years, some experts believe that the Bash Bug vulnerability may have been in place for nearly twenty years.

The first step for individuals who are concerned about their privacy and security is to determine if their systems use the Bash shell, and then download the patch from their tech providers if they are affected. These patches are important for the protection of your system and your information. There are also handy guides from companies like Red Hat that will help you determine whether or not your computer or system has been affected.
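One way to carry out the check described above on your own machine, as an added example that is not part of the original article or of any vendor's guide: it starts each local bash with a harmless test variable and reports whether the shell ran the extra command attached to it. The marker string and the function names are made up for this example.

```shell
#!/bin/sh
# Added example: local self-check for the Bash environment-variable flaw.
# MARKER and all function names are constructed for this example.
MARKER="SHELLSHOCK_SELFTEST_MARKER"

# Classify captured probe output. A vulnerable bash runs the command that
# trails the function definition, so the marker shows up in its output.
classify_output() {
    case "$1" in
        *"$MARKER"*)      echo "vulnerable" ;;
        *probe-finished*) echo "not-vulnerable" ;;
        *)                echo "inconclusive" ;;  # the shell did not run at all
    esac
}

# Probe a single bash binary given by path.
check_bash() {
    bin="$1"
    if [ ! -x "$bin" ]; then
        echo "missing"
        return 0
    fi
    # Export a variable shaped like a function definition followed by a
    # harmless echo, then start the shell under test with it.
    out=$(env probe="() { :;}; echo $MARKER" "$bin" -c "echo probe-finished" 2>/dev/null) || true
    classify_output "$out"
}

# Probe the usual install locations plus whatever bash is first on PATH.
check_all() {
    for bin in /bin/bash /usr/bin/bash /usr/local/bin/bash "$(command -v bash 2>/dev/null)"; do
        [ -n "$bin" ] || continue
        printf '%s: %s\n' "$bin" "$(check_bash "$bin")"
    done
}

# This covers the originally reported flaw only; follow-up fixes were released
# afterwards, so install the vendor's current bash package either way.
check_all
```

Any line that reports "vulnerable" means that copy of bash still needs the vendor's update; "missing" simply means no bash is installed at that path.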

The next step is to remember to use this as a wake-up call. Right now, experts believe Windows is not affected and that Mac and Linux users have the most to worry about, but that doesn’t mean it’s okay to disregard these warnings. Make sure you’re backing up important data and then removing it from your system, preferably by moving it to an external hard drive that does not stay connected to your computer when it’s not in use. Much like Heartbleed before it, Bash Bug can serve as a reminder that our technology is only as secure as we can make it, and that there are vulnerabilities in almost every system. Protect your content, your data, and your system through careful monitoring, and don’t wait until there’s a new bug to make sure you’re in the clear.

If you found this information helpful, you may want to consider taking part in the Identity Theft Resource Center's Anyone3 fundraising campaign. For more information or to donate, please visit http://www.idtheftcenter.org/anyone-3