26 September 2014
Wow, it’s amazing how quickly a piece of news can explode into our combined consciousness, and – when it comes to getting technical issues out into the spotlight – it can only be a good thing.
That being said, there is always a risk that people overstate the issue, and I think there was an element of that present yesterday when a bug was found in a piece of Linux software. Whilst it’s definitely a concern, the vulnerability was quickly sensationalised and described as ‘worse than Heartbleed’ before anyone really knew whether, in practice, this was true or not.
The bug in question was discovered in a piece of Linux software called Bash which, put simply, is the command interpreter that runs on machines with a Linux OS. At the time of writing, it’s still too early to tell how many systems will be affected, but from what we’ve seen so far through our own testing, it looks like you can’t exploit much without having prior access to the system.
This isn’t to say there won’t be issues. The world’s eyes are now firmly fixed on this story and there will be thousands of people trying to find active exploits, so it is still a risk. Deploying the relevant security patch and running updates is an essential next step. Here at UKFast, our amazing tech guys and girls have applied updates with the patch across our systems.
One thing this story does show us is that there are thousands of very clever people out there, discovering these kinds of flaws, as well as the cybercriminals doing it. The more of these vigilant hackers we can get on board to drive positive change online, the better.