No, we're not talking about the next installment of your favorite first-person console game. Meet “Shellshock”, the first major Internet threat to appear since April’s discovery of “Heartbleed”, which affected OpenSSL software in two thirds of all web servers. This latest bug is being compared to the Heartbleed incident simply because the software at the center of the bug, known as “Bash”, is used extensively on many web servers and computers around the world.
On September 24th, the day this bug was uncovered, TorGuard took immediate action and patched all systems to protect against potential exploits from this vulnerability. Systems patched included all VPN/Proxy servers, SSH tunnel servers, DNS, mail and web servers. Rest assured, no TorGuard clients will be “Shell Shocked” by this serious security development.
What makes this vulnerability so challenging is that Bash runs by default on many Linux web servers, broadband routers, and even Mac OS X. A wide range of applications use Bash for a variety of reasons, which opens up a number of different ways to potentially take advantage of this bug.
Red Hat’s security team, which first uncovered the vulnerability, explained: “This issue affects all products which use the Bash shell and parse values of environment variables. This issue is especially dangerous as there are many possible ways Bash can be called by an application. Quite often if an application executes another binary, Bash is invoked to accomplish this. Because of the pervasive use of the Bash shell, this issue is quite serious and should be treated as such.”
Attacks on Devices
Many top security experts have already voiced concern about potential attacks on broadband routers and other nodes used to manage critical infrastructure. This will be especially challenging to fix, as many devices aren’t configured to update automatically and as a result may never get fixed.
TorGuard clients who have purchased a DDWRT or Tomato VPN router from our VPN router store can sleep at ease knowing our routers do not ship with this vulnerable version of Bash installed. If you are still using stock firmware on your home or business router, it is imperative that you run any recent firmware updates. Or better yet, you may want to consider upgrading to a secure DDWRT or Tomato VPN router.