Take precautionary measures against Shellshock
NZITF urges Internet users to take precautionary measures against “Shellshock”
The New Zealand Internet Task
Force (NZITF) are today warning Internet users and website
owners to be more vigilant and take some basic steps to
protect themselves as criminals devise new ways to exploit
this vulnerability.
NZITF Chair, Barry Brailey, said the Bash vulnerability has the potential to be very significant. Criminals are looking for ways to exploit this and attack web servers. Vendors are racing to develop patches and fixes; customers need to be vigilant and check for updates frequently.
The vulnerability has been discovered in the Bourne again shell, commonly known as bash which is present in most Linux and UNIX distributions, including Mac OSX.
NZITF recommends the following actions:
1. Patch
fast, patch often.
Everyone should apply patches to keep
software and operating systems secure. However, users on
Apple Mac computers running OSX, should ensure that they
check on the App Store for updates at least once a day until
this vulnerability is resolved.
2. Be extra vigilant of
malware and scams over the next few weeks.
If there is
an increase in the number of websites being compromised,
these could be used to launch malware or scams. Make sure
that you keep your paranoid filter on high for the next
little while.
3. Educate yourself.
Visit the NZITF’s
website (http://www.nzitf.org.nz/news.html). You
may want to check back frequently as this situation is
evolving.
4. Monitor logs and reduce attack surface.
Businesses and website owners should consider shutting
down vulnerable non-critical systems until they can be
patched and monitor their firewall and access logs for
indications of attack.
More advice tailored for Businesses or end users can be found on the NZITF website (http://www.nzitf.org.nz/news.html).
Ends