Every vulnerability it seems could result in the theft of passwords. The latest is Shellshock or what some are calling the Bashbug – and this could be even bigger than Heartbleed.
Bash is a Unix shell which is widely used on Linux , Unix, and Apple’s OS X operating systems (Windows you’re OK). Every day we interact with servers that use these operating systems in our office or online through applications such as browsers, instant messages, word processors and more. The problem is Bash works in the background so it’s not obvious you’re at risk. It’s great for accessing computers remotely and the vulnerability found in Bash allows attackers to take any action they want on the target machine or device – good for an attacker. That means they could insert code to download a payload such as passwords or execute malicious code.
Vendors are rushing to patch their servicers so it’s likely that attackers may attempt to create backdoors for themselves with cracked passwords for future use. To protect yourself, make sure you’re using two-factor authentication whenever possible. That way if your password is stolen you still have a layer of security between the attacker and your information – because we all know password reuse is a real danger. A password stolen on one server could be used to login to multiple applications from online banking to VPNs on corporate networks. The Validation and ID Protect Service (VIP) is a simple, smart, and secure way to ensure that extra layer of protection. VIP should be used as a second factor to remotely login to networks or applications and for consumers it’s available on these member sites.
Find out more about VIP at www.symantec.com/vip and check out these Shellshock resources: quick video overview and a detailed explanation from Symantec Security Response.
Follow us on Twitter: @SymantecVIP