Shellshock - is your site vulnerable?
Bugger, just wrote a blog post and lost it, so lets try again!
Things are definitely not going to plan at the moment. I have had no time to work on WA as work keeps getting in the way. I just spent over 5 hours trying to sort out broken email on a client's iPad and iPhone. Very frustrating and still unresolved! It worked fine when I set it up on my Samsung S4! I think it is the 3G connection that is the problem.
Anyway, back to the post heading!
Millennium and Heartbleed
I am sure most of you have fond memories of the Millennium Bug and some may even have heard of the Heartbleed Bug. Although completely different in many ways both had something in common, and that is our mass media's fixation with the end of the World and how computers and the Internet are going to facilitate it!
OK, so the World did not end at 00:00 on 31/12/99, and it did not end a few months back when the Heartlbleed bug was released either.
But wait, we now have another opportunity to end the World!
Just recently the media has been getting all worked up about the Shellshock Bug, maybe this will prove them right and maybe the World will end this time! Don't these people realise that if they are right there will be no one left for them to brag to!
Sorry, getting a bit off topic there.
What is it
As an end-user of the Internet, just like with the Heartbleed bug there is nothing we can do about the Shellshock bug and we do not need to lose any sleep over it.
However, as Internet Markers with our own website we do need to be worried.
Without getting too technical here, there is a security risk in the Bash Shell which is a major part of all Linux distributions (the OS that run the majority of web servers). All of our WA websites will use the Bash Shell and are therefore potentially vunerable.
To be honest I am not certain what could happen but I do know how you can check for the vulnerability and what to do if you have it!
The Plug-In
There is a Plug-In for this, just like there is for everything else!
Go to your plugins page, Add New, search for Sheelchock and install and activate the plugin. Next go to Settings, Shellshock and click on Run Test.
I have checked 3 of my sites and only one is vulnerable and that is my WA site!
So now over to Kyle and Carson as we can't fix it!
Sorry if this isn't up to my usual standard but I am tired and stressed out thanks to iPads and iPhones and email!
Recent Comments
8
Great job, I was doing some research on this as well. Nice to hear about the plugin. Appreciate your effort and blog. Kim :))
Carla, email on the mac has been functioning fine all through the mentioned problems. it is only teh iPhone/iPad with problems!
Get a Mac, you won't regret it!
Thank you for highlighting this Keith, the threat vector on this thing has huge implications!
Although only a tiny percentage of people use Linux on their desktop machines, there are a heck of a lot more web servers using this OS.
I would imagine that a hardware firewall in front of the WA web server(s) would be an effective gatekeeper in preventing threat escalation.
For community members it's good security practice to update your browsers, email clients, plug-ins (e.g. java) and apply any recent security patches. However the web server security is not something we can address. It will be interesting to see how this plays out.........
Hi Matt, I too worked in IT, and unfortunately still do! Live in Aus and made it to NZ for the first time earlier this year.
Hey Keith, your in the IT game too. Sounds like you have a similar love-hate relationship with the industry as I do! Where abouts in Aus do you live? My base was in Brisbane, before making the move to Wellington 2 weeks ago.
Matt, love/hate relationship is about right. I love tech but it drives me mad! I wouldn't be so bad if I didn't have a support company that supports everything tech! If I could just do Apple I would be happy!
I live in Bowral, Southern Highlands, NSW.
We all fell in love with NZ and spent NYE in Molly Malones in Wellington this year.
See more comments
Thank you for the information!