We’re sure the news about Shellshock (or Bashdoor), the internet’s latest deadly bug, has reached you in some way. You may have seen recent coverage about it on the BBC or the New York Times. Essentially, on 24th September 2014, the bug was found by researchers in a piece of software used by millions of businesses and websites around the world.
The bug was found in a system used to power over 60% of servers used on the internet. In specific environments the bug can be used to gain unauthorized access to server systems. Rated a ten on the vulnerability scale, Shellshock is very dangerous.
Some experts are predicting the bug to be even more dangerous than this April’s Heartbleed bug; the difference between the bugs being that while Heartbleed’s purpose was to find out what was going on in and around your computer system, Shellshock gives the hacker direct access.
Nothing to see here
The data and information surrounding Shellshock can be scary and while it’s important to remain vigilant, SmartFocus are pleased to remain completely undisrupted. At no point has any of our data been exposed to any potential dangers arising from this nasty internet bug. In addition, the components used by SmartFocus are not affected by the Shellshock bug.
Although our systems are not (and have not been) at risk of exposure, we have proactively rolled out updates to remove the Shellshock vulnerability from our server software. We believe that this was an essential move in order to help retain a healthy status quo. We also immediately performed a comprehensive audit to confirm our server security. The great news is these updates have not resulted in any downtime, and there will be no impact to SmartFocus users.
We do recommend all of our customers remain wary and internet savvy. Remember to check with any vendors and partners you might have to make sure they have taken similar precautions.
In the meantime, we’re remaining on top of Shellshock and, of course, are happy to answer any questions.