Tips to help protect yourself from the Shellshock bug

If you thought Heartbleed, this year?s major computer bug that effected thousands of machines around the world, was big ? think again. Experts have uncovered a new bug dubbed Shellshock.

It is reported that the bug can be used to remotely take control of any system using a software component called Bash, which is part of many Linux systems as well as Apple?s Mac operating system.

What has the industry said about it?

Professor Alan Woodward, a security researcher form the University of Surrey, told the BBC: ?Whereas something like Heartbleed was all about sniffing what was going on, this [Shellshock] was about giving you direct access to a system.?

Who is affected?

Servers, home computers, and embedded devices are all vulnerable.

Users running Linux and Mac OS X on their PCs are at risk, but it is thought that the most likely target will be web servers running the Apache web server software.

How can I check if I?m vulnerable?

You can check if you?re vulnerable by following this simple procedure. Run the following lines through Bash (if you have it) and if you see the word ?busted? appear then it means you?re at risk. If you don?t, you?re safe.  

env X=”() { :;} ; echo busted” /bin/sh -c “echo completed”
env X=”() { :;} ; echo busted” `which bash` -c “echo completed”

Is it actually bigger than Heartbleed?

Although Heartbleed has been touted a more serious bug than Shellshock, the former only affected around 500,000 machines; whereas it is anticipated there are potentially 500 million vulnerable machines to Shellshock. It is also considered a relatively easy bug for hackers to capitalise on.

Is there anything I can do to try and stay safe?

Use up-to-date software

Make sure you are using the most up-to-date anti-virus software and security patches by installing the latest updates. Check that you?re also using the latest operating system for your computer or MAC and your firewall is on to block unnecessary inbound traffic.

Password change

Make sure you change any passwords that may have been compromised or have not been changed in the last 30 days. It?s also important that unencrypted passwords are never stored on a device; instead use a password manager application. Try to also ensure passwords are complex and at least eight characters in length.

Backup important information

Ensure all files, including documents, photos and bookmarks are backed up on another piece of hardware or in the cloud in case you can no longer access them from your computer. Never store sensitive files or data on your local hard disk either, back it up instead.

Beware of scam emails or suspicious links

Try and avoid opening suspicious emails that come from unrecognised sources that recommend you download and run a piece of software to fix the bug. Scammers use events like these to infect your device so resist clicking links or downloading software, unless it comes from a reputable source. Delete these emails immediately.

And finally?

The mentioned tips are just a selection of general cyber-security tips, so in order to keep fully protected you should check your system operator?s website for developments and the latest available patches.

For further information on patches and security tips, visit: