A vulnerability called “Shellshock” has come to light and is making the headlines. Coming in the wake of Heartbleed earlier in the year, this one affects many more systems and has a much greater impact when exploited. Thankfully, while an estimated 500 million computers have the bug, only a very small number of them can be exploited.
The four main attack vectors are currently: CGI-based web services; telnet/SSH connections; DHCP clients; and passing arbitrary user input through to bash scripts.
At 3D MarComms, the only one of those with relevance to us is the SSH connections that our developers use, but it's only exploitable by people who already have accounts. We don’t give anyone SSH logins to our servers that we don’t already trust.
But as of last night/this morning, every one of our servers has been upgraded or patched and tested to be clear of the vulnerability. We are expecting there to be fresh discoveries in the aftermath of this issue, and will be keeping our eyes on it and ensuring each machine is properly protected.