In short, bash, the shell used on many computers including OS X and Linux machines as well as connected devices, can be exploited remotely. The trick is that you can potentially run malicious code just through a specially-formed HTTP request. Nothing has been compromised… yet. But the possibility is always there.”

If you’re running OS X or Linux, type this into your terminal:

env x='() { :;}; echo vulnerable' bash -c 'echo hello'

If you see the word "vulnerable" then you're vulnerable. You're probably vulnerable. That's the scary part.
“Good for you. You’re safe… for now. The bug doesn’t bother folks not using bash.”

Ok. Go over here and follow these instructions. This fix requires you to patch and recompile bash, which could be a frustrating process if you haven’t installed Xcode. However, expect an OS X update to roll out shortly to fix this. If you’re not actively serving data, then you might be OK for a bit.”

To see if you’re compromised, type this into your terminal:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If you see "vulnerable" then you're compromised. Update your version with this command (if you're running Ubuntu).

apt-get update && apt-get -y upgrade

Try the exploit again. Still bad? Try:

apt-get install -y bash

You should be OK after this, but remember: anywhere bash is Shellshock will follow. If you're running any sort of embedded Linux, this is a big deal. Keep an eye on your servers and update ASAP.
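A machine can carry more than one bash binary, so the check above is worth repeating for each of them after an upgrade. The script below is an added example, not part of the original article: it runs the same probe against every bash it finds, and its function names and the three fixed candidate paths are assumptions.

```shell
#!/bin/sh
# Added example: runs the article's probe against each bash binary found.

# probe_shell PATH: prints missing, vulnerable, patched or unknown.
# Returns 0 only when the shell ignored the trailing command.
probe_shell() {
    shell_path=$1
    if [ ! -x "$shell_path" ]; then
        echo missing
        return 2
    fi
    # Article's probe: x holds a function definition plus a trailing command.
    out=$(env x='() { :;}; echo vulnerable' "$shell_path" -c 'echo hello' 2>/dev/null) || true
    case $out in
        *vulnerable*) echo vulnerable; return 1 ;;
        *hello*)      echo patched;    return 0 ;;
        *)            echo unknown;    return 3 ;;
    esac
}

# list_bash_candidates: bash on PATH, entries in /etc/shells, and common
# locations (the three fixed paths are assumptions), de-duplicated.
list_bash_candidates() {
    {
        command -v bash 2>/dev/null || true
        if [ -r /etc/shells ]; then
            grep -E '^/.*/bash$' /etc/shells || true
        fi
        printf '%s\n' /bin/bash /usr/bin/bash /usr/local/bin/bash
    } | sort -u
}

# audit_bash: one report line per binary; returns 1 if any is vulnerable.
# Candidate paths are assumed to contain no whitespace.
audit_bash() {
    audit_status=0
    for candidate in $(list_bash_candidates); do
        result=$(probe_shell "$candidate" || true)
        if [ "$result" = missing ]; then
            continue
        fi
        printf '%-24s %s\n' "$candidate" "$result"
        if [ "$result" = vulnerable ]; then
            audit_status=1
        fi
    done
    return "$audit_status"
}

audit_bash || echo 'At least one bash binary is vulnerable: upgrade it and re-run.'
```

The exit status of audit_bash is non-zero when any binary still prints "vulnerable", so the script can gate a deployment or monitoring check.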
“Update, upgrade, and patch. Do it now. Do it quickly. Chances are you won’t be compromised but they also said the Titanic couldn’t sink. Fix your stuff ASAP.”
Another week, another massive security vulnerability that is almost a household name. How bad is it? Really bad. According to Matt Harrigan of PacketSled, “It’s really pretty astonishing how bad this bug is and how long it went unchecked. To be clear, the scale of impacted machines includes anything that runs bash. This includes a ton of consumer products, wireless routers, handheld phones, etc.”
Ugh.
What do you need to know about Shellshock and what can you do to ensure your machines aren’t compromised? Read on.
John Biggs is a writer, consultant, programmer, former East Coast Editor and current contributing writer for TechCrunch. He writes mainly about technology, cryptocurrency, security, gadgets, gear, wristwatches, and the internet. After spending his formative years as a programmer, he switched his profession and became a full-time entrepreneur and writer. His work has appeared in the New York Times, Laptop, PC Upgrade, Surge, Gizmodo, Men’s Health, InSync, Linux Journal, Popular Science, Sync, and he has written a book called Black Hat: Misfits, Criminals, and Scammers in the Internet Age.