Connecting to LinkedIn...

W1siziisijiwmtuvmdqvmtuvmdgvntqvmzgvnzi1l01ptlrbu0hfqkxpr19vtljftkrfukvex0lnqudfx3jlc2l6zwrfyw5kx3jlbmrlcmvklmpwzyjdlfsiccisinrodw1iiiwimtkymhgxmjuwiyjdxq

Blog

Will the Bash Bug Be the Grinch that Steals Christmas?

15/12/2014 by Sharon Shahzad

W1siziisijiwmtqvmtivmtuvmtcvndqvmtavmtu1l0jhc2hfqnvnx2dpdmluz195b3vfu2hlbgxzag9ja19dvkvfmjaxnf82mjcxx3vwzgf0zs5qcgcixsxbinailcj0ahvtyiisijywmhg0mdbcdtawm2uixv0

The Bash bug, first exposed in September 2014, could be devastating for retailers and manufacturers this holiday season thanks to its wide distribution across Unix-based systems such as Linux and Mac. The Bash bug opened doors for hackers to access confidential information and take over systems with remotely-executed code, tacking on their malicious code to the environment variable in Bash, a command line shell in these systems.

The good news is that software companies started developing and distributing patches fairly quickly. There is bad news, however: some companies didn’t roll out all patches in a timely or comprehensive fashion. Oracle warned its users that more than 30 products were affected, but patches for only two products, Linux and Solaris, were immediately available. And many that did install patches may still be at risk because they failed to install subsequent patches that are required to fully close the vulnerability.

The fact that Unix-based systems are so intrinsic makes the problem particularly acute – delays in patching mean that many systems may have been vulnerable for a period of time long enough for hackers to install an intrusive bit of code. That code could still be sitting there, undetected, while hackers just wait for the right opportunity to pounce.

For hackers that want to maximize their holiday haul of personal information, including credit card numbers, what better time to pounce than the holiday season. On Black Friday and Cyber Monday, shoppers entered credit card information at unprecedented levels to score deals – and, unbeknownst to retailers, that command line interface vulnerability mentioned above may be exposing their customers’ data to hackers. Meanwhile, the retailer’s data security team is already fighting a fire somewhere else – Bash bug for some IT teams was relegated to lower priority.

It’s not certain that Bash bug-related hacks will bite retailers this holiday season, but the possibility is quite real and present. As we’ve seen in the past, large companies are by no means immune to hacking simply because they spend more liberally.  Hackers are patient guests, and waiting is actually a good thing for them. And there’s no better time to exploit a weakness than the holiday shopping season. The question is, which retailers will top the hackers’ holiday list this year?

It’s not too late for retailers to act. Certainly, executive teams and boards of directors would support decisive action that avoids front-page scrutiny and potential embarrassment. While it’s always better to have a long term strategy for cybersecurity, sometimes it’s important to fight the fire in front of you – even if it’s only smoldering. Bash bug may be smoldering right now for some and every line of code should be examined.

This article has been extracted from http://www.infosecurity-magazine.com, please click on this link to read the article in full http://www.infosecurity-magazine.com/opinions/bash-bug-grinch-christmas/

Montash is a multi-award winning global technology recruitment business. Specialising in permanent and contract positions across mid-senior appointments across a wide range of industry sectors and IT functions, including:

ERP, BI & Data, Information Security, IT Architecture & Strategy, Energy Technology, Demand IT and Business Engagement, Digital and E-commerce, Leadership Talent, Infrastructure and Service Delivery, Project and Programme Delivery.

Montash is headquartered in Old Street, London, in the heart of the technology hub. Montash has completed assignments in over 30 countries and has appointed technical professionals from board level to senior and mid management in permanent and contract roles.

comments powered by Disqus

Social Stream

Latest News

W1siziisijiwmtcvmdevmtgvmdkvmtqvmzmvmzk5l0vsuc5qcgcixsxbinailcj0ahvtyiisijm4mhgxmdajil1d

Sage bolsters X3 business ERP solution

2017-01-18 09:00:00 +0000

Sage, one of the global leaders in enterprise resource planning (ERP) solutions, has revealed that it has signed up a trio of new clients to its X3 business solution. With the Salesforce.com partner wanting to be able to show its ability to host larger clients, the firm revealed that BrightBridge, Atlas Cloud and CLOUT are all now utilising the new and emerging X3 ERP platform. Sage Vice President of UK Enterprise David Watts talked about the latest agr...

W1siziisijiwmtcvmdevmtcvmtavmzcvmzevmjq2l0nsb3vkighlywx0agnhcmuuanbnil0swyjwiiwidgh1bwiilcizodb4mtawiyjdxq

Cloud computing making its mark in healthcare

2017-01-17 10:00:00 +0000

The cloud computing sector has grown quickly, and businesses in various sectors have been quick to take advantage of its many benefits to improve services. One such market is the healthcare industry, which has been able to improve diagnosing and enhance treatment methodologies as a result of new technologies over the past decade. Cloud technology is helping one area in particular – the healthcare of people living in remote locations who would not ordina...