Do I Need to Worry about Shellshock? A Non-Technical Breakdown of the Issue
A few months ago there was the Heartbleed virus. Then recently news broke of another issue: Shellshock. As a business owner, or even just an everyday computer user, you have one question; “Do I Need to Worry about Shellshock?”
How Shellshock Came to Be
The Internet is built on software that used and reused and then used some more. It’s filled with code that dates back five, 10, even 20 years or more. Some of this decades-old code – like Bash, the software program now plagued with the Shellshock vulnerability – has never been audited for security bugs. The result: viruses like Heartbleed and Shellshock.
“Worrying about this (Bash) being one of the most [used] pieces of software on the planet and then having malicious people attack it was just not a possibility,” said Brian Fox, who created Bash in 1987. “By the time it became a possibility, it had been in use for 15 years.”
Today, Bash is used by Google, Facebook, and just about every other big name on the Internet.
What is Shellshock?
As we mentioned earlier, codes, like Bash, have been used and reused and then used some more over the years. After all, Bash has been around since 1987, designed as a way for software engineers to interface web software with an operating system. Over the years, Bash was written and rewritten over and over again. Then in 1992, an error was written into Bash’s code, an error that would go unnoticed for years. In fact, it was not discovered until very recently.
You guessed it; that error was and is Shellshock. According to Wired, the bug allows hackers to run their own commands on web servers and take control of machines running Linux and Mac operating systems.
Linux and Apple have both released patches for Shellshock.
So, why the name Shellshock? Well, Bash is an open source software program known as “a shell utility, a black-boxy way of interfacing with an operating system that predates the graphical user interface.”
Do I Need to Worry about Shellshock?
So do you need to worry? Yes and no. Shellshock is extremely serious, but it is not the end of the world. It’s not even the end of the Internet. But Shellshock does require your attention. According to Nicole Perlroth of the New York Times, as many as 70% of the computers connected to the Internet could be affected.
“However, we shouldn’t be scaring the average PC user because there is very little (if anything) that they can do to fix these problems,” explains Frederick Lane, author, consultant, and computer security expert.
With Heartbleed, the best course of action was wait for your favorite sites to patch themselves and then change your passwords and. With Shellshock, the best course of action is to patch your Mac or Linux computer and hope everyone does the same.
If you have any questions about Shellshock, please contact Adventure Web Interactive by calling (410)-788-7007 or by clicking here today! For more information about web development, contact Adventure Web Productions now!