Since the announcement of the Shellshock Bash bug yesterday, there has been a lot of confusion about what it is and how it may impact people. At a high level, it impacts bash, which is a “shell” program for systems running some flavor of Unix, such as Linux. For those who are interested in the details, please visit the links in the reference section. In this post we want to discuss how Shellshock impacts different groups and what can be done:
The Heartbleed bug has been all over the media this week. It is generating so much buzz because of its potentially large impact. Many large websites have this vulnerability, so pretty much everyone needs to change some, if not all, of their passwords to minimize the impact.
Many websites have come out and said that they have seen no evidence of any access or data breach. However, according to Codenomicon, the organization that announced this vulnerability, an attack may not leave any trace. Therefore, consumers have been warned to change their passwords just to be on the safe side.
There are several lists (list 1 and list 2) out there that show which websites were affected and which ones were not. I was glad to see that PayPal and my financial institutions were not impacted. However, I did see that Yahoo was affected, and likely Google as well (Google announced that there is no need to change the Google Account password, though many experts still recommend that you do so). All internet users should check now to see if they need to change the password to any site that they log in to.