Shell Shocked (Printer?)

shell shock

The popular press is reporting on the recently discovered vulnerability in many of the Internet’s servers. While not a virus (it can’t spread from machine to machine) it can infect Macs and Linux computers. It does NOT infect Windows computers. However many of the places you go on the web can be compromised and thus what you put into those sites can be at risk.

How Big Is The Threat

Web servers are computers that take request from you via the Internet and return you the web page you ask for. The software that does this are from various groups. When you get a web page you have about a 30% (http://ubuntuforums.org/showthread.php?t=1511517) chance of getting it from a computer that is at risk. As of this writing I don’t have a non-technical way of helping you to decide if a particular site (such as your bank) is vulnerable. I can say that of the attacks that have appeared over the last two days since the announcement that they are not yet dangerous to the consumer. It is only the bad guys testing to see which machines are vulnerable and other mischief. Only two actual attacks have been detected and one is neutralized already (http://threatpost.com/honeypot-snares-two-bots-exploiting-bash-vulnerability).

What has only been alluded to so far is that besides web servers most of the printers, scanners, some phones and many of the devices attached to even a Windows computer are running the software that could be affected. That has yet to be addressed. While I was able to mitigate the problem on my Linux computers the day the problem was announced I was not able to do so with my printers. I feel these printers that one can print to from anywhere on the web or from one’s phone or tablet are especially at risk. The update server appears to be down for my printer. Hopefully it is being updated so it can’t be attacked and then will update my printer so it can’t be attacked.

As of this writing Friday Sep. 26, 2014 in the AM Apple has not released a prevention for it’s Mac Snow Leopard (10.6), Mavericks (10.9) nor the Yosemite beta (10.10) system.

What to do

If you have a Linux, Unix, BSD or Mac keep an eye out for updates. Install them immediately. Note updates will NOT come in the mail, those are scams. Use the usual update process for your system.

Users of all system should check for news from the sites they login to, especially those that have to do with money or your sensitive information. If necessary contact the institution and ask if they have fixed Shell Shock.

See my blog at http://affinitycm.com/blog.html to stay informed. Our site and all our computers were protected the day the vulnerability was announced, before the name Shell Shock was given to it.

No Comments

Trackbacks/Pingbacks

  1. Jay - . tnx for info!!
  2. max - . thanks for information.