Showing results for 
Search instead for 
Did you mean: 

Shellshock: What is it and what can be done to stop the bug?

Shellshock: What is it and what can be done to stop the bug?

What is Shellshock?

Shellshock is a mistake in the code of a program called Bash, which is typically installed on non-Windows operating systems such as Mac, Unix and Linux. The bug allows hackers to send commands to a computer without having admin status, letting them plant malicious software within systems.

Could it be used to steal my financial details?

Yes. If banks or online retailers use older, “mainframe”-style computing systems, they are likely to be vulnerable. Home routers and modems could also be targeted as a way to get  to PCs and laptops.

Are there any indications it has already been exploited?

It’s too early to tell. However, authorities fear a deluge of attacks could soon emerge. The US government has rated the security flaw 10 out of 10 for severity.

What can be done to  solve it?

Security experts around the world are now rushing to find a fix for the bug, but the widespread and varied use of Bash means there won’t be a single solution. Individual organisations and companies such as Apple will develop patches for their own systems.

What can I do to protect against it?

Experts recommend not using credit cards or disclosing personal information online for the next few days. Usual precautions are also recommended such as updating anti-virus software and not visiting dodgy websites.

Source: Shellshock: What is it and what can be done to stop the bug? - News - Gadgets and Tech - The Indepen...


There was a fascinating documentary on this on our national network, CBC.  The good news that came out of it is that most banks that are worth their salt no longer use the original "mainframe + firewall" type of construct for their computing network and are now using  Quantum Cryptography, with, apparently, Canada leading the world.   I would probably guess that the USA and the UK are equally advanced in that regard and most likely Germany, Switzerland, Luxembourg and Liechtenstein and let's not forget the other tax haven/money laundering states such as Monaco, Bahamas, Cayman Islands, Belize etc.

Here's what my bank states on their log-in page:

Scotiabank is aware of recent public reports of a serious vulnerability known as the "Shellshock Bug". Scotiabank actively monitors its networks and continuously conducts routine maintenance and are confident in the safety of our critical online systems. As always, we recommend that customers take the usual steps to protect themselves from fraud which can be found in our interactive Security Centre.

You'll notice the plainness of that white page to make one think the banks are as pure as the driven snow, something I have never believed for one minute.

Version history
Revision #:
1 of 1
Last update:
‎09-27-2014 05:25 PM
Updated by: