Shellshock Bash Bug

September 26, 2014

What is it?

The so called “Shellshock” bug was created a long time ago (1993) in a software called “Bash.”  Bash is used in many systems including web servers, routers, Mac OS, and possibly Android.  This bug has been out there, but not discovered until September 24, 2014. Since then, private and government hackers have been working to exploit this.  So it is a race.  Can enough of the systems be patched before hackers can do serious damage?

As a user, what should I do?

On a Mac, check for updates in the Apple menu, “System Update…” regularly.  Apple pushes out updates and you will be notified to update.  Do not ignore the update or put it off.  Do the update.  Apple claims that the majority of Macs are safe but will not provide details as to why.  As of September 26 at 6:45 AM EST, Apple has not released an update.  Continue to look for updates even after a patch.  Patches like this are often incomplete to get them out there and then refined later and rereleased.   You can update just Bash on a Mac now to be immediately safe.  There are detailed explanations on the web.  I can do the update for you remotely or in person if you are concerned.

On your cable or dsl modem, they will likely remotely push the update.  I have noticed something happening today with my Charter modem.  I suspect Charter has been pushing updates.  If you are concerned, call them and ask.  Otherwise, leave this one alone.

On your own router, wi-fi router or other equipment connected to the Internet, look for updates now and check again often.  Some of this equipment lets you check from their control panels.  Some you will have to look up the model number and compare with the latest releases on the manufacturer website.  Call me and I can remotely look at your equipment.

On your hosted website, call your hosting company or check their websites for status on this.  They should update it.  I host my client’s sites on Amazon EC2 servers which I manage.  Yesterday morning, I applied the initial patch.  Today, I applied an updated patch and will keep checking.  I also have strict firewall limitations that make it difficult for a hacker to exploit this on my systems.

On your Windows computer, don’t do anything.  This does not affect you.

On an android phone or tablet, you are probably fairly safe.  But check with your carrier or manufacturer for updates.

For any other questions or to have me look at systems and equipment, call me at 860-341-1759 or email at brian@desertcompusulting.com.

 

Brian Bynes IT Consulting
860-341-1759