For updated Shellshock Information: SecureNU – Shellshock Bash bug Information
This week security experts discovered an extensive security flaw in Bash, a component used in Linux and Unix operating systems, including Mac OS X. This vulnerability, nicknamed Shellshock, makes devices running Bash susceptible to hackers and worms. Several technology manufacturers have already released preliminary patches to help stop this issue.
What is Shellshock?
Bash is a program that typically runs in the background, so many users are likely not aware of its existence on their devices, although it is used in several different operating systems. The security vulnerability makes it possible to add malicious code to existing Bash code, allowing hackers to take over the operating system, where they can extract important information and compromise the device. Shellshock has the potential to be a greater security risk than the Heartbleed bug, as there is a wide variety of systems that utilize Bash, and this vulnerability is easy to exploit.
What can we do to protect ourselves?
Preliminary patches are now available for several of the impacted operating systems. ITS strongly recommends that you update any Mac OS X, Linux and Unix operating systems once security patches are available. Please be aware that external websites may be impacted by this vulnerability, and if compromised, there is the possibility of worms being transmitted to your computer. Please note that over time more and more information is being discovered regarding the extent and impact of this bug.
What is ITS doing to protect Northeastern?
To reduce our risk internally, ITS immediately began working on updating all of Northeastern’s technology with the available patches, and will continue to do so as new ones are released, limiting the exposure of campus systems. Additionally, we have hardened our firewall against this vulnerability. System administrators across the university are working now to apply necessary patches to impacted sites and services. ITS will continue to monitor the situation, assess the associated risks and provide updates on this security issue as more news of Shellshock becomes available. We are continuing to work with our partner providers and vendors to address this serious security concern. As this is a constantly evolving situation, information and updates will continue to be posted on the Office of Information Security website.
Other Security Concerns – Phishing
In the coming weeks, it is vitally important that you have a heightened awareness regarding your security. Hackers and Internet criminals never pass up a good crisis. Expect to see spam and phishing emails in the future citing security concerns due to Shellshock. If you have any doubts about the validity of emails, contact the company in question by phone. For Northeastern-specific emails, contact the ITS Service Desk.