A major coding flaw discovered recently affects Unix-based computer systems. Since 1992 a vulnerability has existed in the Bash software that allows for command lines and scripts to be exploited. With the recent Shellshock Bash attack vectors announcement, several patches were quickly deployed in an attempt to combat this global cybersecurity attack in the Bash Unix command-line interpreter. Red Hat developed and shared a slightly different patch than the upstream patch because Red Hat believes it's a much more effective patch [1].
For those not sure of the widespread risk of Shellshock, the industry is comparing this issue to Heartbleed.
Apple Issues Patch for OSX
To complicate things even further, many Macintosh laptop and desktop users are also feeling stress and frustration since Bash can affect the Unix-based operating system, including OSX. As promised, Apple has issued a patch for Macintosh users. The company also states that most users will not be affected. Hopefully, that will be the case.
The Medical Community is also a Target
The impact of this cybersecurity attack can be extensive since Linux is used in diverse situations such as servers, consumer routers, and embedded electronics including medical devices to industrial equipment.
Yahoo Falls Victim
The potential risk in the medical community is of concern because many devices run embedded operating systems. An editorial in Information Week Healthcare raised the issue that this will be the beginning of an ongoing trend that the industry needs to address. The article also brings up the need for medical device manufacturing standards [2].
Retail on Alert
According to cybersecurity expert, Jonathan Hall, two Yahoo servers were compromised by the BASH breach in technology security. The problem was Yahoo's use of an old version of BASH server technology. Hall said the hackers were searching access points within the network for the popular Yahoo! Games and its millions of fans. This information security breach was confirmed by Yahoo [3].
Based on directives from ComplianceGuide.org, customers should keep systems updated, and carefully monitor server activity and logs for any type of malicious or atypical activity to protect user data. It's important to limit the level of services on the web and stay abreast of patches that should be applied immediately. There are still many unknowns in the payment card industry (PCI) and point-of-sale (POS) making it even more important to secure identity and access management [4].
References:
[1] https://securityblog.redhat.com/
[4] https://www.pcicomplianceguide.org/shell-shock-bash-bug-what-we-know/
Tags:
NewsOctober 9, 2014