Fighting ShellShock

Fighting ShellShock
Photo of turtle shell with words "Fighting ShellShock"

It looks like we have another software vulnerability on our hands called ShellShock putting tons of Mac and Linux computers and servers at risk. Thankfully there are some things we can do about it.

To summarize a Gizmodo article on what ShellShock is, it’s a bug in unpatched computers that allows hackers to inject their own code into a program called Bash which is essentially pre-installed in Mac and Linux computers and many servers and routers. What’s disturbing about the bug is the massive number of devices it affects which means it may take years for the bug to be eradicated by software patches.

Now as to what you can do…

Testing your Mac or Linux machine

According to a Lifehacker blogpost, you can test if your Mac or Linux computer is vulnerable by opening the Terminal app, copying and pasting the following command into it:

env x='() { :;}; echo vulnerable' bash -c 'echo hello'

And then hitting the Enter key. If your machine’s at risk, the Terminal will say:

vulnerable hello

If you get that message on a Mac, there’s a patch that you can download here (I had to do this for my MacBook).

Testing your WordPress server

If you use WordPress for your website, WP Tavern blogged about a new plugin called Shellshock Check that can test your server for ShellShock vulnerability. I tried it out on CodeFlowed.com and thankfully, it’s in the clear. If your server is vulnerable, you can contact your server provider about it and provide the plugin’s results.