Shellshock Bash Bug – Security Advisory


Our development team has been monitoring a vulnerability discovered in the Unix tool Bash. The bug allows attackers to gain access to Unix, Linux, or Mac machines and run commands on those machines.

Because Bash is installed on so many systems, and the attack is simple to execute, the U.S. National Vulnerability Database rated the Shellshock bug a 10 out of 10.

Fortunately, the major Linux distributions we use at Bloomerang have issued patches for this security bug. We have installed these patches and tested their effectiveness to ensure your data is secure.

Here are four actions you can take to keep your data secure from Shellshock and other security vulnerabilities:

1. Talk to your website administrator about Shellshock. If your web server has Bash, it will need to be patched.

2. Install security updates as they become available. Operating system developers work hard to patch security issues when vulnerabilities are discovered, but it’s often up to you to install the update. You can read this article about why security updates are important.

3. Follow secure password guidelines. Ensure your passwords are long (12 or more characters), and use different passwords for different websites so if one password is compromised, your other accounts will still be safe. LastPass is a great tool for remembering all of those passwords for you.

4. Beware of e-mail phishing schemes. When mainstream vulnerabilities like Shellshock occur, attackers often send e-mails asking you to click on a link or install software that can leave your machine compromised. Check out these tips on protecting yourself from phishing.

Again, your Bloomerang data is safe from Shellshock, but be sure to take the above actions to ensure your entire technological infrastructure is secure.

Happy fundraising!


Micah Weaver

Chief Technology Officer at Bloomerang

September 26th, 2014 | Security
