NZITF urges Internet users to take precautionary measures against “Shellshock”
The New Zealand Internet Task Force (NZITF) are today warning Internet users and website owners to be more vigilant and
take some basic steps to protect themselves as criminals devise new ways to exploit this vulnerability.
NZITF Chair, Barry Brailey, said the Bash vulnerability has the potential to be very significant. Criminals are looking
for ways to exploit this and attack web servers. Vendors are racing to develop patches and fixes; customers need to be
vigilant and check for updates frequently.
The vulnerability has been discovered in the Bourne again shell, commonly known as bash which is present in most Linux
and UNIX distributions, including Mac OSX.
NZITF recommends the following actions:
1. Patch fast, patch often.
Everyone should apply patches to keep software and operating systems secure. However, users on Apple Mac computers
running OSX, should ensure that they check on the App Store for updates at least once a day until this vulnerability is
resolved.
2. Be extra vigilant of malware and scams over the next few weeks.
If there is an increase in the number of websites being compromised, these could be used to launch malware or scams.
Make sure that you keep your paranoid filter on high for the next little while.
3. Educate yourself.
Visit the NZITF’s website (http://www.nzitf.org.nz/news.html). You may want to check back frequently as this situation is evolving.
4. Monitor logs and reduce attack surface.
Businesses and website owners should consider shutting down vulnerable non-critical systems until they can be patched
and monitor their firewall and access logs for indications of attack.
More advice tailored for Businesses or end users can be found on the NZITF website (http://www.nzitf.org.nz/news.html).
Ends