10 Things You Need To Know About The Shellshock Vulnerability

Many people have been asking me about the recent Shellshock exploit, so I wanted to share some of what I know to help you protect your company and/or your customers. (FYI, I am President and CEO of Eagle Eye Networks.)

Shellshock was originally announced on September 24th, 2014. It is still a very real threat and it can negatively impact not only IT systems, but physical...

**** ********* ** ****. **** ** *** **** ****** ** days *** ****-******* ***** “******* **** ***” ****** **** *** Mayhem ***** ** ***** *** ********** ************* ** **** *** and ****** ********** ***** *** **** *******.
  1. ********** ** * ************* ** *** **** **** ***** ***** is **** ** *** ******* ******* ***** ** **** ********* systems ********* *****, ********** ** ****, *** *****'* ***. ************ many ******* ********** *** ******** ***** *** *** ** ** risk ** ****.
  1. ********** *** ***** * ** *** ** ** ******** ***** by *** ******** ********* ** ********* *** **********. (********** *** rated * *). ********** *** **** ***** *** **********, ***** means ** *** ** ****** *********.
  1. ********** ****** * ****** ** ****** * ****** *** ******* code *** ******** ** ****** **** **** * ********** **** - ******* **************. *** ******** ***** ****** **** **** * targeted ******** *** ******* ** ******** - ********* *****, ******* programs, **** ******* ** ******** ****.
  2. ***** ********** **** ******** *******, ********** ******* *******, ************ *** other ********-********* *******. ***** ******* **** ** ****** ******* *******, security *******, ** ** ******* ******* *** ***** *** ** protected ** ***** ******* ** ***********.
  3. ***** ********** *** ** *********** ********** ***, ********** ******* *** believed ** **** ******** ****, *******, *** **** ********. *** New **** ***** ********* **** **% ** ******** ********* ** the ******** ***** ** ********.
  4. ** ******** ** **********, ***** *** ******** *** ** ****** as ******** **** ********* *** ********* **** *******, **** ********** it ***** ** **** **** *******. ******* ********** ******* **** of ******** *******, ** *** ******* ******** ******** ** ***** to ***** *** ********* *******.
  5. ** ***'** ******* * ** ******* *** ***, ******, ** any ****** ******* ********, ***'** ******** **** ***** *** ******** can’t *** ** **** ***** ********. ** *** **** * firewall *** *** ***** ***** *** ******* *** ***** ** safe.
  6. *** **** ******* ******** *** *** ******* **** ** *******, appliances *** ******** **** *** ******** *****. *****, *********** ****** may ** ********** ** ***** *** **** ********** ** *******. If *** ****** **** ** ** ********* *** *** **** to ******* **** ********* ** ********** ******* *** ****** ******.
  7. *** ******* ** ***** ************ ******* **** **** * *** interface *** *********** ****** ********** *** **** ** ** ******* immediately. *** *************** *** ****.
  8. ** ***’** ***** * ******** ******** (***, ***, *********) *** the ****** *** *** ******** *** ** * ******** ** sure ** ******* **** *** ************ *** ******** ** *** to *** **** ************* ** ** ***** ** *** *** exposed. ** *** ********* **** *** ** ********, *** *** not ** **** ** *** **** **** *** ******, *** should **** **** ************* **** *********. ** *** *** ***** software (***) ** ***** *** **** ** **** ********* ** your ********* *** ***** **** **.

** ** ***** *** ******** ******** ********* *** ***********, *** internal ******* ***** ** **** **-**-**** ** ***** ******** ****** vectors **** *** *********** ****** *** ******* **** **** **** or *******. **** *** ****, *** ***** *** ********* ***** integrators ** ** *********** *** **** *******.

** * ******* ***** *******, ***** *** ********’ ******** **** immediately ******* *** ***** *** ***** ******** ******** *** *** of *** ********* **** *********** *********.

Login to read this IPVM discussion.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.