Tuesday, September 30, 2014

Shell Shock vulnerability in UNIX discovered after thirty years hits core infrastructure


The last few days saw frenzied remediation of a critical vulnerability called Shell Shock, which allows a hacker to fire remote privileged commands at UNIX servers. UNIX is an integral part of the core Internet infrastructure, and BASH (the vulnerable shell) is a widely used program. The program had been in use for thirty years before the flaw was recently uncovered.

A remote compromise simply means that websites, cloud services and internal datacenters are all vulnerable to cyber-attack, either from malicious insiders or, if accessible remotely, from cybercriminals across the globe. Such attacks result in data theft, downtime and outright wiping of data from these servers. Given the nature of BASH, there is the fearful possibility of automated exploitation of the vulnerability using small pieces of mobile code called “worms”, which travel over the network infecting servers.

The good news for most cybercitizens using the Windows operating system is that it is not affected, and therefore home networks which use Windows-based laptops and desktops are relatively safe. Apple has released a patch for the Bash vulnerability for its OS X Lion, Mountain Lion and Mavericks software. Mac users are advised to download the Bash update and patch their systems. Apple had earlier advised that OS X systems are safe by default and not exposed to remote exploits of Bash unless users configure advanced UNIX services. The bad news is that most online services are built on UNIX, and unless they are patched quickly a potential breach would affect cybercitizens' security and privacy.

Most of the large service providers will take quick steps to assess their vulnerability and ensure remediation with available patches and other countermeasures. This should reduce the risk to most of the services cybercitizens commonly use. Cybercriminals will attempt to exploit the time to remediate by targeting vulnerable and financially lucrative systems. Therefore, for system administrators and security professionals it is literally a race against time. Cybercitizens who own Apple Macs should install the patch quickly.

There are multiple core vulnerabilities, as yet undiscovered or undisclosed, which in future will have an overriding effect on the resiliency of the networks and services that form the Internet. These exist due to the difficulty of security-testing products, assumptions about the secure nature of mature products and, as we are all well aware, governmental action which requires pre-installed backdoors or weakened security defenses, such as in the case of data encryption.

Cybercitizens should be aware that core vulnerabilities are a lurking problem that may surface as targeted attacks on large companies at any point in time, and will most certainly be used during a proxy war or cyberwar. Governments today maintain a war chest of similar vulnerabilities.

The only tip that I could possibly offer is to keep an offline copy of the data or transactions stored online. Paper backup of critical documents may seem archaic but seems to be a good idea.
