Connecting to LinkedIn...

W1siziisijiwmtuvmdqvmtuvmdgvntqvmzgvnzi1l01ptlrbu0hfqkxpr19vtljftkrfukvex0lnqudfx3jlc2l6zwrfyw5kx3jlbmrlcmvklmpwzyjdlfsiccisinrodw1iiiwimtkymhgxmjuwiyjdxq

Blog

Will the Bash Bug Be the Grinch that Steals Christmas?

15/12/2014 by Sharon Shahzad

W1siziisijiwmtqvmtivmtuvmtcvndqvmtavmtu1l0jhc2hfqnvnx2dpdmluz195b3vfu2hlbgxzag9ja19dvkvfmjaxnf82mjcxx3vwzgf0zs5qcgcixsxbinailcj0ahvtyiisijywmhg0mdbcdtawm2uixv0

The Bash bug, first exposed in September 2014, could be devastating for retailers and manufacturers this holiday season thanks to its wide distribution across Unix-based systems such as Linux and Mac. The Bash bug opened doors for hackers to access confidential information and take over systems with remotely-executed code, tacking on their malicious code to the environment variable in Bash, a command line shell in these systems.

The good news is that software companies started developing and distributing patches fairly quickly. There is bad news, however: some companies didn’t roll out all patches in a timely or comprehensive fashion. Oracle warned its users that more than 30 products were affected, but patches for only two products, Linux and Solaris, were immediately available. And many that did install patches may still be at risk because they failed to install subsequent patches that are required to fully close the vulnerability.

The fact that Unix-based systems are so intrinsic makes the problem particularly acute – delays in patching mean that many systems may have been vulnerable for a period of time long enough for hackers to install an intrusive bit of code. That code could still be sitting there, undetected, while hackers just wait for the right opportunity to pounce.

For hackers that want to maximize their holiday haul of personal information, including credit card numbers, what better time to pounce than the holiday season. On Black Friday and Cyber Monday, shoppers entered credit card information at unprecedented levels to score deals – and, unbeknownst to retailers, that command line interface vulnerability mentioned above may be exposing their customers’ data to hackers. Meanwhile, the retailer’s data security team is already fighting a fire somewhere else – Bash bug for some IT teams was relegated to lower priority.

It’s not certain that Bash bug-related hacks will bite retailers this holiday season, but the possibility is quite real and present. As we’ve seen in the past, large companies are by no means immune to hacking simply because they spend more liberally.  Hackers are patient guests, and waiting is actually a good thing for them. And there’s no better time to exploit a weakness than the holiday shopping season. The question is, which retailers will top the hackers’ holiday list this year?

It’s not too late for retailers to act. Certainly, executive teams and boards of directors would support decisive action that avoids front-page scrutiny and potential embarrassment. While it’s always better to have a long term strategy for cybersecurity, sometimes it’s important to fight the fire in front of you – even if it’s only smoldering. Bash bug may be smoldering right now for some and every line of code should be examined.

This article has been extracted from http://www.infosecurity-magazine.com, please click on this link to read the article in full http://www.infosecurity-magazine.com/opinions/bash-bug-grinch-christmas/

Montash is a multi-award winning global technology recruitment business. Specialising in permanent and contract positions across mid-senior appointments across a wide range of industry sectors and IT functions, including:

ERP, BI & Data, Information Security, IT Architecture & Strategy, Energy Technology, Demand IT and Business Engagement, Digital and E-commerce, Leadership Talent, Infrastructure and Service Delivery, Project and Programme Delivery.

Montash is headquartered in Old Street, London, in the heart of the technology hub. Montash has completed assignments in over 30 countries and has appointed technical professionals from board level to senior and mid management in permanent and contract roles.

comments powered by Disqus

Social Stream

Latest News

W1siziisijiwmtcvmdivmtuvmtyvntivmjuvnzkwl2n5ymvyigf0dgfja3muanbnil0swyjwiiwidgh1bwiilcizodb4mtawiyjdxq

UK threatened by serious cyber attacks every ...

2017-02-15 16:00:00 +0000

The security of the UK has been threatened by 188 serious cyber attacks in the last three months, a government security chief has said. National Cyber Security Centre (NCSC) Chief Executive Ciaran Martin told The Sunday Times that national security was put at risk by many of these attacks. Martin was speaking ahead of the official opening of the NCSC, which has been set up to protect critical services in the UK from such attacks and improve underlying i...

W1siziisijiwmtcvmdivmdgvmtavmzcvmzkvnjkyl0n5ymvyifnly3vyaxr5lmpwzyjdlfsiccisinrodw1iiiwimzgwedewmcmixv0

British cyber security workforce rises 163%

2017-02-08 10:00:00 +0000

Data from the UK has shown that the cyber security workforce has grown considerably over the past five years. According to a new report from cyber skills promotion network Tech Partnership, there are now 58,000 more workers in this industry – a rise of 163 per cent. It shows the growing importance of these professionals, with firms across a vast range of industries turning to cyber security specialists to safeguard their data. To collate the report, the...