Yellow font on Black background Black font on White background Black font on Cream background
Call us today 01621 857841 or Email us
Quality Matters Logo

"Quality Matters in your Business"

Monday, 6 October 2014

ISO 27001:2013 and Dangerous Bug Shell Shock

If you are involved in IT you may remember the Heartbleed virus which had the potential to bring the internet down; fortunately a fix and patches prevented the Heartbleed virus getting a foothold.
Now there is a new and more virulent virus named Shell Shock which has the ability to allow unauthorised disclosure of information; allows unauthorised modification; allows disruption of services.

This one attacks UNIX systems and Linux systems and can affect PCs, OS X Macs, home routers and many more systems.

Any system that uses BASH (widely used command interpreter) up to and including v4.3 is vulnerable.  DASH systems are not affected, including Ubuntu and Debian.

The risks are high as many government and military systems use BASH or BASH derivatives and a reliable patch has not yet been developed.

According to The Register (www.theregister.co.uk) you can test your systems using the following code in your default shell:

Env X=” ()   { :;}  ;  echo busted” /bin /sh  –c ”echo completed”
Env X=” ()   { :;)  ; echo busted” ‘which bash’  -c “echo completed”
If the words “busted” appear then you have a problem and are at risk.  We have copied the code from the Register and cannot guarantee its validity but it is worth checking.

Our systems here at Quality Matters appear to be safe from this bug (for now).

In short, this is a very dangerous bug which could affect tens of millions of systems.

No comments:

Quality Matters

P.O.Box 5479
Maldon
Essex
CM9 8GG
England

T: 01621 857841
F: 01621 856016
M: 07702 193788

© 2015 Quality Matters Ltd. All rights reserved. Responsive Design