
What can we learn from the Shellshock, Bashbug crisis of 2014?

Once upon a time, life as a Linux or UNIX admin was pretty sweet, without nearly as many extended shifts or panicked phone calls in the middle of the night as poor Windows admins had to deal with.

Sadly, nothing lasts forever. With these systems coming to play such a widespread role in server management, it was inevitable that eventually somebody would find a vulnerability and exploit it. Nevertheless, the scale of the Bashbug crisis shocked everybody. What are the lessons we can learn to reduce the risk of something like this happening again?

What is the Bashbug?

If you’re one of the lucky ones and haven’t had to deal with this yet, the first thing you should be aware of is that it’s a problem affecting the UNIX Bash shell, which issues and interprets commands given to servers by their admins.

In September last year it emerged that a vulnerability – dubbed Shellshock – meant that hackers had a backdoor into servers running Bash, so that they could run commands and effectively take over the servers. It seems likely that several systems were quietly hijacked like this before the story broke, enabling hackers to use them as zombies for doing things like cracking passwords, distributing spam or carrying out DDoS attacks, without the server owners knowing, though some of them may have wondered why everything was running so slowly.

Although patches for fixing Shellshock quickly became available, it’s thought that there are as many as 500 million systems out there that remain vulnerable because nobody has yet realised that they need to be patched or found the right way to go about it.

Network vulnerabilities and the Internet of Everything

One of the reasons why the Bashbug has been hard to detect is that it’s buried at a very low level in old systems (going back 25 years), which generally don’t get checked in that much detail because they’ve been stable for such a long time.

The development of the “Internet of Everything” (aka IoE, one step beyond the Internet of Things and focused on the connection of infrastructure across multiple sites) has created many new vulnerabilities, both by enabling hackers to operate on a larger scale and by enabling them to reach beyond computers and access all kinds of things that we use in our everyday lives.

This means that the security of everything from burglar alarms to the food in our fridges can be compromised, not to mention entire public transport systems, city lighting grids and so on. In this situation, it’s vital to ensure that vulnerabilities like Shellshock are spotted as soon as possible and fixed immediately afterwards.

The shift in internet use from single business or domestic sites which connect with single ISPs to multiple devices connecting to multiple ISPs and each other means that access to a single server can potentially give a hacker access to many more, as harvesting passwords provides routes into other systems and areas as sensitive as people’s hospital records and finances. Therefore, it’s important not only to deal with the Bashbug locally, but also to promote widespread solutions because the security of individuals depends largely on the security of many.

Tackling the Bashbug

Even if you’ve already patched for the Bashbug, it’s not something you should forget about, as there have been reports of some patches not fully resolving the problem. The early ones were made and distributed as fast as possible, with no time for them to be checked as thoroughly as most such products are.

Because of this and because hackers have been trying to develop workarounds, it’s important to treat Shellshock as an ongoing problem. It’s also important to be wary if you have a Windows- or Mac-based system, as you may still have Bash running at a lower level (and Bash is part of many Mac systems anyway).

To make sure that this problem is eliminated and stays that way, you should make regular system checks at a deep level. Trend Micro provides some useful free tools for this, though its Deep Security software is the recommended choice if you want to do a really thorough search that also takes into account other potential system flaws. If you find that your system is vulnerable, it also provides a virtual patch that can give you the security you need.
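As an added example (not from the original article or from any vendor tool), here is a local check for whether a bash binary still imports shell functions from arbitrarily named environment variables, the start-up feature that Shellshock abused and that the later, more complete patches restricted. The function names, the variable name, the marker string and the default paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report whether a shell binary still turns an ordinary
# environment variable into a shell function at start-up.

MARKER="fn-import-active"        # constructed marker string
PROBE_NAME="gr_fnimport_probe"   # hypothetical variable name, unlikely to clash

# check_shell PATH
#   returns 0: variable was NOT imported as a function (hardened behaviour)
#           1: variable WAS imported as a function (legacy behaviour)
#           2: PATH is not an executable file
check_shell() {
    shell_path=$1
    [ -x "$shell_path" ] && [ ! -d "$shell_path" ] || return 2
    # The value is a plain function body and nothing else; the child shell is
    # then asked to run a command with the same name as the variable.
    out=$(env "$PROBE_NAME=() { echo $MARKER; }" \
          "$shell_path" -c "$PROBE_NAME" 2>/dev/null) || true
    [ "$out" = "$MARKER" ] && return 1
    return 0
}

# audit_shells PATH...
#   prints one line per path; the return value is the number of binaries
#   that still show the legacy import behaviour.
audit_shells() {
    legacy=0
    for p in "$@"; do
        rc=0
        check_shell "$p" || rc=$?
        case $rc in
            0) echo "OK      $p" ;;
            1) echo "LEGACY  $p"; legacy=$((legacy + 1)) ;;
            2) echo "SKIP    $p (not an executable file)" ;;
        esac
    done
    return "$legacy"
}

# Default run over common install locations (assumed paths; adjust as needed).
audit_shells /bin/bash /usr/bin/bash /usr/local/bin/bash || true
```

A `LEGACY` line means the binary predates the hardening that followed the first fixes and should be updated from the distribution's current packages; run the check again after every bash update or image rebuild.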

Shellshock is unlikely to be the last problem of this type that we encounter, so managing this one effectively is important not only in the immediate term but because it can prepare us to act swiftly and effectively next time around.

Luke Salmond is editorial manager at

The post What can site admins learn from Bashbug vulnerability? appeared first on IT Security Guru.