This week, major news outlets have been reporting on a recently uncovered security issue nicknamed “Shellshock”. Within minutes of its discovery, Cyber-Duck ensured our servers were secure. Our clients’ websites are unaffected.
What is Shellshock?
Shellshock is a security issue in Bash, a core component of the Linux operating system run on some servers. It allows hackers to send commands to a computer without having admin status. This access allows them to install malicious software on others’ systems.
The bug only affects Internet based systems and servers running Linux and Mac OSX. Windows is not affected and normal Mac users will not be vulnerable unless they are running advanced web services.
There is no evidence that any of Cyber-Duck’s servers have been compromised. We took immediate steps to secure our servers, which were patched Thursday 25 September.
It is too soon to know if this vulnerability has been exploited elsewhere on the web. However, there is a risk that banks and online retailers using older, mainframe-style computer systems could be affected.
A number of organisations, including Apple, have responded immediately and already patched their systems. It is recommended by some experts that users should not use credit cards or disclose personal information online over the next few days.
We respond to the security issue.