Author Gary Hibberd
Have you noticed how quiet your IT teams have been over the last few days? Perhaps they’re looking a little tired today and you’ve put it down to an excessive weekend of ‘World of Warcraft’ or ‘Halo’!
Or maybe you know the real reason they’re looking a little jaded… Maybe they’re suffering from ‘ShellShock’!
No, this isn’t the latest ‘must-have Xbox’ shoot-’em-up… This is potentially far more worrying.
On Friday 26th September the world woke to the news of a new vulnerability called ShellShock, affecting Linux and Mac OS Unix, and quickly began debating whether it was a 10 or 11 on the “10 point vulnerability scale”. As details of the scope and impact of the Bourne-Again Shell (Bash) component emerged, we heard how we could be on the verge of a level of impact similar to ‘Heartbleed’, which itself was assessed as a 10 or 11 level event.
I’m no Apple ‘Basher’ (pun intended) but the Unix and Mac community has had it good for quite some time. I’m sure we can all recount amusing stories around Windows weaknesses and how this protected and invincible community has laughed from its lofty towers as Microsoft users trudge through their weekly security updates. Linux server admins should still be battle-hardened and fresh from the frontline after dealing with Heartbleed, but a bullet-proof state of mind still runs deep and has most likely led to a complacency that could mean additional turns on the vulnerability dial.
This then may be a 12 on the scale.
Scaremongering is a cheap way of affecting and effecting clients, but as the industry deals with another ‘deadly serious bug’ that is already being used with malicious intent, it’s hard not to be shouting ‘Incoming!!’ loud and clear right now, and not to start counting the casualties who were too slow or ponderous to assess their environment and patch.
The bottom line is this: we all went to bed last night thinking all was well, but threats of increasing size are discovered every day. We need to be consistent in our approach to all aspects of security… But patching and non-complacency are a good place to start.
Our advice to you. Start patching. Start paying attention.
Agenci Information Security is responsible for protecting businesses from cyber threats, cyber-attack, internal threats and business outages. Agenci Information Security ensures clients’ systems are secure and provides peace of mind through a range of proven specialist information security solutions. Specialists in ISO 27001 certification.