The Shell Shock Vulnerability
The bad guys are unfortunately at it again. Today the Internet lit up with news of a new vulnerability, officially named “CVE-2014-6271,” but more widely-known as “Shell Shock,” a reference to the environment exploited, known as a shell.
The shell in question is called BASH, itself an acronym for Bourne Again SHell. Nearly all Linux servers in the world have BASH installed; it is the most common shell in use today. A shell itself is what is used to interact with the operating system via command line.
Before we proceed, you should know that all Prewebhost servers have been patched as of this writing. We identified the issue very early-on and developed the necessary solution for our environment. We are, of course, continuing to monitor the situation and will react appropriately should the need arise.
As with any security or vulnerability risk, it is important to reiterate the importance of practicing good security to the extent of your ability as an end user. Always use secure passwords (you know the drill: upper- and lowercase letters, numbers and special characters), always keep any third-party scripts (such as WordPress, Joomla, etc.) up-to-date, and always uses the latest version of any software that you utilize… because the truth is that often software is updated strictly for security patch purposes.
Should the need arise, we will update this blog post accordingly. Otherwise, stay safe out there on the Interwebs!