Shellshock is a software bug that threatens the overall security of the Internet and, by extension, the information you store online and websites you visit.
Shellshock was accidentally introduced into a free software program called Bash that helps people interact with their machines. Bash, developed in 1987, is used in most devices—computers, phones, servers, even cameras and appliances—that connect to the Internet. Linux, Unix and Apple operating systems use it. While it can be found in other systems, like Windows and Android, it is not installed and/or used by default on those systems.
The vulnerability could let hackers take control of a machine remotely to steal data, introduce malware and other nefarious activities. Because Shellshock has existed for about 20 years and was only discovered recently, hackers have had a significant head start on exploiting this weakness. Experts say it will be difficult to fix, putting consumer records at risk.
Though it is unlikely that your personal devices will become targets for hackers,it's important to take steps to protect your online interactions with websites that may be affected. Large companies will be better protected, but many small to medium-size businesses with fewer resources may be slow to patch or never patch at all.
Here are some key tips from CyberScout’s experts on how to protect yourself:
1. Turn on your firewall. This is a must-have, as it will prevent intruders from entering your system via the Internet.
2. Activate automatic software updates. This will make sure you have the latest software patches for your operating system and web browser, which are usually published to fix known bugs and security flaws. Apple has released patches available in Apple downloads on your computer.
3. Keep antivirus and anti-malware software updated. Installing and regularly updating adequate security software on all electronic devices is a must. Review online sites such as www.cnet.com or www.pcmag.com for detailed reviews of the most recent software packages available.
4. Get savvy about phishing attacks. These attempts to trick you to divulge personal information or download malicious software onto your device often come in the form of fake emails.
5. Contact your providers for identity education, protection and resolution services from CyberScout. If you notice suspicious activity on any of your accounts or wish to proactively manage your identity, check with your insurance provider, financial institution, or employee benefits provider. Many companies offer LifeStages® Identity Management Services from CyberScout for low or no cost. To learn more, visit cyberscout.com or call 1-888-682-5911.
Learn more about how to protect your system with CyberScout’s tips here.