Take precautionary measures against Shellshock
NZITF urges Internet users to take precautionary measures against “Shellshock”
The New Zealand Internet Task Force (NZITF) are today warning Internet users and website owners to be more vigilant and take some basic steps to protect themselves as criminals devise new ways to exploit this vulnerability.
NZITF Chair, Barry Brailey, said the Bash vulnerability has the potential to be very significant. Criminals are looking for ways to exploit this and attack web servers. Vendors are racing to develop patches and fixes; customers need to be vigilant and check for updates frequently.
The vulnerability has been discovered in the Bourne again shell, commonly known as bash which is present in most Linux and UNIX distributions, including Mac OSX.
NZITF recommends the following actions:
1. Patch fast, patch often.
Everyone should apply patches to keep software and operating systems secure. However, users on Apple Mac computers running OSX, should ensure that they check on the App Store for updates at least once a day until this vulnerability is resolved.
2. Be extra vigilant of
malware and scams over the next few weeks.
If there is an increase in the number of websites being compromised, these could be used to launch malware or scams. Make sure that you keep your paranoid filter on high for the next little while.
3. Educate yourself.
Visit the NZITF’s website (http://www.nzitf.org.nz/news.html). You may want to check back frequently as this situation is evolving.
4. Monitor logs and reduce attack surface.
Businesses and website owners should consider shutting down vulnerable non-critical systems until they can be patched and monitor their firewall and access logs for indications of attack.
More advice tailored for Businesses or end users can be found on the NZITF website (http://www.nzitf.org.nz/news.html).