What Is Shellshock And Should You Be Worried?

This isn’t a day at the beach, oh no. This is a software bug that has been sweeping the nation, but is it as dangerous as Heartbleed? In short, yes: it’s extremely dangerous for those in the know. Shellshock, otherwise known as Bashdoor, is part of a group of security bugs in the Unix shell ‘Bash’. Bash is basically free software that is used on millions of operating systems such as Linux and Mac OS X, but can also be found ported to Microsoft Windows and Android devices.

It is a command processor, so it allows entry of basic and helpful commands on your computer through user input. The first bug was reported on 24th September this year, and it can result in a hacker being able to gain access to your computer system. It all sounds very scary, and it is, but there have been various patches to correct the vulnerabilities. You should, however, still be wary.

When the news of Heartbleed came around, it came to light that 50% of web servers run Apache, an HTTP server and one of the biggest building blocks of the World Wide Web. Why does this matter? Because this 50% are likely to have some version of Bash on them. This gives a hacker the potential to effectively hack 50% of all computers around the world. Obviously this is the worst-case scenario, but we’re only just getting started with this bug and have time to put an end to it. If it isn’t caught, it has the potential to get bad fast.

The way the hack works is with a simple bit of code, or code injection as it were. If the characters "{ :;};" are included, any commands made after will still be processed, which makes it extremely easy for an attacker to strike. They’ve effectively used a key function of Bash against itself: the ability to define functions as a user. It is made even worse if this weakness is further exploited with the development of viruses that target the loophole, as this will mean the malicious programs will be able to replicate themselves, taking over more machines. On top of this, every version of Bash beyond 4.3 is affected, which equates to a quarter of a century’s worth of installations.
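As an added example (not from the original article), here is a small Python scanner a defender could run over Apache access logs to spot request headers carrying the function-definition prefix described above. It assumes the Apache combined log format and that Bash recognised a function only when a value began with `() {`; the log lines, IP addresses and names such as `scan` are constructed for illustration.

```python
import re

# Bash treated an environment value as a function definition only when it
# began with "() {". Anchoring at the start of the field avoids flagging
# values that merely contain those characters somewhere in the middle.
# The optional group captures whatever follows the closing "};", if present.
FUNC_PREFIX = re.compile(r"^\(\)\s*\{(?:.*?\}\s*;(?P<trailing>.*))?")

# Apache "combined" log format; quoted fields may contain backslash escapes.
Q = r'"((?:[^"\\]|\\.)*)"'
LOG_LINE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] ' + Q + r' \d{3} \S+ ' + Q + ' ' + Q
)

def scan(lines):
    """Return a finding for each Referer/User-Agent that starts with '() {'."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_LINE.match(line)
        if not m:
            continue  # not combined format: skip rather than guess
        ip, _request, referer, agent = m.groups()
        for name, value in (("referer", referer), ("user-agent", agent)):
            hit = FUNC_PREFIX.match(value)
            if hit:
                trailing = (hit.group("trailing") or "").strip()
                findings.append((lineno, ip, name, trailing))
    return findings

# Constructed sample log lines (documentation IP ranges, harmless echo text).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Sep/2014:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [25/Sep/2014:10:01:09 +0000] "GET /cgi-bin/status HTTP/1.1" 200 87 "-" "() { :;}; echo probe"',
    '198.51.100.7 - - [25/Sep/2014:10:01:11 +0000] "GET /cgi-bin/status HTTP/1.1" 404 0 "() { :; }; echo probe2" "curl/7.30"',
    '192.0.2.44 - - [25/Sep/2014:10:02:00 +0000] "GET / HTTP/1.1" 200 20 "-" "Mozilla/5.0 (compatible; fn() { test })"',
    '203.0.113.5 - - [25/Sep/2014:10:03:30 +0000] "GET / HTTP/1.1" 200 10 "-" "() { unterminated"',
]

if __name__ == "__main__":
    for lineno, ip, field, trailing in scan(SAMPLE_LOG):
        print(f"line {lineno}: {ip} {field} starts with '() {{', trailing text: {trailing!r}")
```

A hit only shows that someone sent the prefix; whether a given server was exposed depends on whether the request reached an unpatched Bash.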

Average Windows computer users can relax slightly, as this will only affect your system should you have installed Git or Cygwin. If you don’t know what these are, then you’re probably safe. Just be wary of any system updates, keep up to date and wait for official statements from your providers. However, if you would like to make sure your system is totally free of bugs, you can use this Shellshocker tool. Those who are using Linux should check for Bash patch updates from their distro, and OS X users should wait for Apple to release an update.