On Wednesday news broke that there’s a widespread, potentially harmful vulnerability that affects the computer systems that a lot of us use every day, including OSX and Linux. It’s called the Bash Shellshock Bug. Here’s a quick rundown of how the bug works, who it affects, and how we’re handling it at Name.com:
What is the Shellshock Bug?
It is vulnerability in Bash, which is the software used to control the command shell in many flavors of Unix, and it has been shown to be present in OS X. It allows an attacker to run a wide range of malicious code remotely.
Am I vulnerable?
Desktop users should not be vulnerable. However, if you allow allow SSH access from remote connections you are potentially vulnerable.
I use SSH for Mac OS X/Linux, what should I do?
We suggest that you avoid using Bash for remote connections (SSH) until appropriate patching has been completed by the various companies (Apple, Red Hat, etc.)
How is this going to be fixed?
Red Hat has released a patch for its Linux distributors, however they warned the patch is incomplete. Apple has not released a fix for OS X yet, so keep an eye out for system updates and be sure to update OSX when prompted.
What has Name.com done to address this?
We have patched our hosting servers and will continue to keep up with all future related security patches.