Connecting to LinkedIn...

W1siziisijiwmtuvmdqvmtuvmdgvntqvmzgvnzi1l01ptlrbu0hfqkxpr19vtljftkrfukvex0lnqudfx3jlc2l6zwrfyw5kx3jlbmrlcmvklmpwzyjdlfsiccisinrodw1iiiwimtkymhgxmjuwiyjdxq

Blog

Will the Bash Bug Be the Grinch that Steals Christmas?

15/12/2014 by Sharon Shahzad

W1siziisijiwmtqvmtivmtuvmtcvndqvmtavmtu1l0jhc2hfqnvnx2dpdmluz195b3vfu2hlbgxzag9ja19dvkvfmjaxnf82mjcxx3vwzgf0zs5qcgcixsxbinailcj0ahvtyiisijywmhg0mdbcdtawm2uixv0

The Bash bug, first exposed in September 2014, could be devastating for retailers and manufacturers this holiday season thanks to its wide distribution across Unix-based systems such as Linux and Mac. The Bash bug opened doors for hackers to access confidential information and take over systems with remotely-executed code, tacking on their malicious code to the environment variable in Bash, a command line shell in these systems.

The good news is that software companies started developing and distributing patches fairly quickly. There is bad news, however: some companies didn’t roll out all patches in a timely or comprehensive fashion. Oracle warned its users that more than 30 products were affected, but patches for only two products, Linux and Solaris, were immediately available. And many that did install patches may still be at risk because they failed to install subsequent patches that are required to fully close the vulnerability.

The fact that Unix-based systems are so intrinsic makes the problem particularly acute – delays in patching mean that many systems may have been vulnerable for a period of time long enough for hackers to install an intrusive bit of code. That code could still be sitting there, undetected, while hackers just wait for the right opportunity to pounce.

For hackers that want to maximize their holiday haul of personal information, including credit card numbers, what better time to pounce than the holiday season. On Black Friday and Cyber Monday, shoppers entered credit card information at unprecedented levels to score deals – and, unbeknownst to retailers, that command line interface vulnerability mentioned above may be exposing their customers’ data to hackers. Meanwhile, the retailer’s data security team is already fighting a fire somewhere else – Bash bug for some IT teams was relegated to lower priority.

It’s not certain that Bash bug-related hacks will bite retailers this holiday season, but the possibility is quite real and present. As we’ve seen in the past, large companies are by no means immune to hacking simply because they spend more liberally.  Hackers are patient guests, and waiting is actually a good thing for them. And there’s no better time to exploit a weakness than the holiday shopping season. The question is, which retailers will top the hackers’ holiday list this year?

It’s not too late for retailers to act. Certainly, executive teams and boards of directors would support decisive action that avoids front-page scrutiny and potential embarrassment. While it’s always better to have a long term strategy for cybersecurity, sometimes it’s important to fight the fire in front of you – even if it’s only smoldering. Bash bug may be smoldering right now for some and every line of code should be examined.

This article has been extracted from http://www.infosecurity-magazine.com, please click on this link to read the article in full http://www.infosecurity-magazine.com/opinions/bash-bug-grinch-christmas/

Montash is a multi-award winning global technology recruitment business. Specialising in permanent and contract positions across mid-senior appointments across a wide range of industry sectors and IT functions, including:

ERP, BI & Data, Information Security, IT Architecture & Strategy, Energy Technology, Demand IT and Business Engagement, Digital and E-commerce, Leadership Talent, Infrastructure and Service Delivery, Project and Programme Delivery.

Montash is headquartered in Old Street, London, in the heart of the technology hub. Montash has completed assignments in over 30 countries and has appointed technical professionals from board level to senior and mid management in permanent and contract roles.

comments powered by Disqus

Social Stream

Latest News

W1siziisijiwmtyvmtivmdcvmtavmdyvndkvntg0l0vudgvychjpc2ugcmvzb3vyy2ugcgxhbm5pbmcgy29wes5qcgcixsxbinailcj0ahvtyiisijm4mhgxmdajil1d

Infor launches new mobile solution

2016-12-07 09:00:00 +0000

Infor, one of the global leaders in enterprise resource planning (ERP) software, has revealed that it is launching a new mobile solution. The company, which has focused on developing specialised business applications for a variety of industries, unveiled Infor Mobility for Field Service (MFS). The solution is a comprehensive mobility application that can streamline operations for employees working in the field. To ensure that field technicians are provi...

W1siziisijiwmtyvmtivmdyvmdkvmjcvmtavnze4l2nsb3vkihrly2hub2xvz3kgc2vydmljzxmuanbnil0swyjwiiwidgh1bwiilcizodb4mtawiyjdxq

AI continues to infiltrate cloud computing se...

2016-12-06 09:00:00 +0000

With Google and Microsoft both already working on artificial intelligence (AI) software for their cloud services, it has been revealed that Amazon is now to join the battle. The internet giant is to prioritise developing AI for Amazon Web Services (AWS), the division that sells data storage and computing to IT professionals around the world. AWS is currently the fastest-growing division for Amazon, with the past year having seen sales soar by 60 per cen...