A few weeks ago, “Shellshock” was simply a psychological reaction to intense combat activity.
But since September, Shellshock has been known as something totally different. Shellshock is a software exploit that is terrorizing the world and causing companies across the globe to panic about security.
What is Shellshock and should you be worried? Here are 5 things you need to know about fall 2014’s biggest security buzzword:
5) It’s an entire family of security bugs which can affect Mac OS and Linux systems
The biggest problems with Shellshock are that it’s widespread, difficult to patch, and easy to exploit. Those three things make it the biggest security concern the computer world has faced in years.
Shellshock’s bugs come from Bash, which is a low-level computer program that has provided foundational frameworks for Unix-related systems for decades.
Almost all Unix-related systems are potentially affected by Shellshock, including any servers which run Unix, Linux, or other similar operating systems. Mac OS, which is based on Unix, may also be affected by the block.
Since Bash is compatible with every version of Unix, it’s the most popular shell for Linux and Mac operating systems.
4) It’s called Shellshock because it uses a shell to execute other programs
The people who name security exploits must think they’re really clever. Shellshock is called Shellshock because Bash is a shell. A shell is any program that is used to execute other programs.
Bash uses a text-based, command-line interface to launch these programs. Mac’s Terminal, for example, uses Bash.
The word Bash, by the way, comes from Bourne Again SHell, which is a reference to Stephen Bourne, who created a Unix shell even older than Bash known as “sh”.
Shellshock has also been called Bashdoor, which is a play on words involving “Bash” and “backdoor”. Get it?
3) Apple doesn’t seem to care about protecting its users from Shellshock
Shellshock was widely discovered on September 24 2014. Mac OS, like all other Unix-based systems, was vulnerable to the attacks.
In spite of that fact, it took Apple five days to release a security patch. Unfortunately, the OS X update Apple released on September 29 didn’t even fix all known vulnerabilities, which has caused many in the security community to accuse Apple of not caring about user privacy.
Apple, of course, has had a lax approach to security in the past. The Flashback virus affected nearly 1 million Mac OS users before Apple finally decided to offer a simple patch (something every other company had done months earlier, when the exploit was first discovered).
2) You may be affected by Bash
Bash is currently affecting all of the following types of computer users:
-Mac users
-Linux, Ubuntu, and other Unix versions where Bash is the default interface
-Any of the above users who are using an open, untrusted Wi-Fi connection (as opposed to a password-protected Wi-Fi network or an Ethernet cable).
Apple claims that its users are protected against Shellshock. That may be true. The real worry comes from Unix users. Most of the world’s servers run Unix-based operating systems with Bash as the default interface. This has caused security experts to scramble to cover their exploits.
Oddly enough, no Windows users are affected by Shellshock. That’s rare for a security exploit, but since Windows does not use Bash, this is totally a Linux and Mac OS problem.
1) It’s a 22 year old bug that was only recently discovered
Bash is incredibly old. It’s basically as old as the internet. It’s also remained largely unchanged over the years. That means this major exploit has gone undetected for nearly 22 years.
But the scary part of the bug is that it could have been detected 22 years ago. What if someone has known about this bug for years and has been continuously exploiting it to steal credit card data and personal information?
That’s unlikely. But it’s a scary thought.
It’s rare for a bug to surface after 22 years of being undetected. But with Shellshock, that’s exactly what happened.
Ultimately, the average computer users will not be directly affected by the bug. The vast majority of Mac users aren’t susceptible to the exploit (only Mac users which have configured their advanced Unix services are affected). All of us, however, might be indirectly affected by this exploit because it’s targeting Unix-based servers all over the world.
In any case, you can stay tuned to FixMyPCFree.com for more information about this exploit as we move forward.