Close Menu
TechCentralTechCentral

    Subscribe to the newsletter

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    Facebook X (Twitter) YouTube LinkedIn
    WhatsApp Facebook X (Twitter) LinkedIn YouTube
    TechCentralTechCentral
    • News
      Industry to Icasa: punish municipalities that stall network roll-out

      Industry to Icasa: punish municipalities that stall network roll-out

      13 July 2026
      AI Barometer: the best AI for every job right now

      AI Barometer: the best AI for every job right now

      13 July 2026
      Shoprite claims early win in grocery AI wars

      Shoprite claims early win in grocery AI wars

      13 July 2026
      More bad news for memory prices - SK Hynix CEO Kwak Noh-jung

      More bad news for memory prices

      13 July 2026
      China nets a falling rocket in reusability race with SpaceX

      China nets a falling rocket in reusability race with SpaceX

      10 July 2026
    • World
      Swingeing jobs cuts at Microsoft's Xbox unit

      Swingeing jobs cuts at Microsoft’s Xbox unit

      6 July 2026

      SK Hynix ends Samsung’s 26-year reign at the top

      22 June 2026
      Google on the hook for what its AI tells users, court rules

      Google on the hook for what its AI tells users, court rules

      15 June 2026
      How Russians juggle VPNs to outwit the Kremlin

      How Russians juggle VPNs to outwit the Kremlin

      15 June 2026
      Amazon CEO flagged Anthropic AI risks to Washington - Andy Jassy

      Amazon CEO flagged Anthropic AI risks to Washington

      14 June 2026
    • In-depth
      AI boom sparks rally, frenzy and fear

      AI boom sparks rally, frenzy and fear

      11 June 2026
      Every plug-in hybrid on sale in South Africa, ranked by price - Lamborghini Temerario

      Every plug-in hybrid on sale in South Africa, ranked by price

      7 June 2026
      What Wi-Fi 8 will mean for wireless networks

      What Wi-Fi 8 will mean for wireless networks

      1 June 2026
      Alfa's electric rebel - Alfa Romeo Junior Elettrica Veloce

      Alfa’s electric rebel

      29 April 2026
      Africa switches on as Europe dims the lights

      Africa switches on as Europe dims the lights

      9 April 2026
    • TCS
      Watts & Wheels S1E7: 'Ferrari's EV breaks the internet'

      Watts & Wheels S1E7: ‘Ferrari’s EV breaks the internet’

      8 July 2026
      TCS+ | How Tracker is turning vehicle data into business strategy - Silvia Schollenberger

      TCS+ | How Tracker is turning vehicle data into business strategy

      1 July 2026
      TCS+ | IBM Bob: an AI-powered 'development partner' for the enterprise - David Spurway

      TCS+ | IBM Bob: an AI-powered development partner for the enterprise

      30 June 2026
      Watts & Wheels S1E6: 'A flawless Alfa and a bakkie that divides'

      Watts & Wheels S1E6: ‘A flawless Alfa and a bakkie that divides’

      17 June 2026
      Watts & Wheels S1E6: 'A flawless Alfa and a bakkie that divides'

      Watts & Wheels S1E5: ‘A Bentley of the bush and a car that swims’

      8 June 2026
    • Opinion
      The author, Fanie van Rooyen

      South Africa can still catch the AI wave – here’s how

      7 July 2026
      The author, Fanie van Rooyen

      The AI utopia South Africa can’t afford

      1 July 2026
      The author, Jannie van Zyl

      South Africa’s broadband future is being decided in orbit, not in Pretoria

      30 June 2026
      The author, Pambos Soteriades

      The pivot South Africa’s MVNOs cannot afford to miss

      23 June 2026
      Brazil's online gambling crackdown is a lesson for South Africa

      Brazil’s online gambling crackdown is a lesson for South Africa

      22 June 2026
    • Company Hubs
      • 1Stream
      • Africa Data Centres
      • AfriGIS
      • Altron Digital Business
      • Altron Document Solutions
      • Altron Group
      • Arctic Wolf
      • Ascent Technology
      • AvertITD
      • BBD
      • Braintree
      • CallMiner
      • CambriLearn
      • CM Telecom
      • Contactable
      • CYBER1 Solutions
      • Digicloud Africa
      • Digimune
      • Domains.co.za
      • ESET
      • Euphoria Telecom
      • HOSTAFRICA
      • Incredible Business
      • iONLINE
      • IQbusiness
      • Iris Network Systems
      • Kaspersky
      • LSD Open
      • Mitel
      • NEC XON
      • Netstar
      • Network Platforms
      • Next DLP
      • Ovations
      • Paracon
      • Paratus
      • Q-KON
      • SevenC
      • SkyWire
      • Solid8 Technologies
      • Telit Cinterion
      • Telviva
      • Tenable
      • Vertiv
      • Videri Digital
      • Vodacom Business
      • Wipro
      • Workday
      • XLink
    • Sections
      • AI and machine learning
      • Banking
      • Broadcasting and Media
      • Cloud services
      • Contact centres and CX
      • Cryptocurrencies
      • Education and skills
      • Electronics and hardware
      • Energy and sustainability
      • Enterprise software
      • Financial services
      • HealthTech
      • Information security
      • Internet and connectivity
      • Internet of Things
      • Investment
      • IT services
      • Lifestyle
      • Policy and regulation
      • Public sector
      • Retail and e-commerce
      • Satellite communications
      • Science
      • SMEs and start-ups
      • Social media
      • Talent and leadership
      • Telecoms
      • Watts & Wheels
    • Events
    • Advertise
    TechCentralTechCentral
    Home » Top » Shellshock bug: what you need to know

    Shellshock bug: what you need to know

    By The Conversation26 September 2014
    Twitter LinkedIn Facebook WhatsApp Email Telegram Copy Link
    News Alerts
    WhatsApp

    binbash-640

    A first and quite reasonable thought readers may have will be to wonder: what is bash?

    When you use a computer you probably interact with it through a point-and-click, visual interface such as Windows or Mac OS. More advanced users or specific tasks might require a text-only interface, using typed commands. This command-line program is known as a shell, and bash is the acronym for Bourne Again SHell (a successor to the Bourne shell, written by Stephen Bourne – that’s geek humour right there), known to everyone as bash.

    So, what you need to know is that a shell is essential, and that bash as the most common shell in use is installed on pretty much every machine that runs a flavour of Linux or Unix. That includes Mac OS X – which, behind its shiny desktop, is a Unix-based operating system, too.

    What has systems administrators hot under the collar right now is the discovery by Red Hat, a firm that produces one of the long-established distributions of Linux favoured by enterprise, of a vulnerability in bash. This bug, which is being called “shellshock”, allows under specific conditions a hacker to remotely access and take control of a system running a vulnerable version of bash.

    Potentially vulnerable computers running Linux/Unix account for around two-thirds of Web servers. That will include a huge number of online services you use — shops, banks, social networking sites, government services. The police and military, too.

    Now you can see why everyone is panicking and claiming that this is bigger than the Heartbleed bug, a problem that only affected one specific technology (secure socket layers), which is not near-universal like bash. It has been classed as a maximum risk factor 10 of 10.

    Red Hat has released a patch to close the loophole and solve the problem, but it’s not perfect and still allows an attacker other vectors to exploit. Other Linux and Unix vendors will be on the case as a matter of urgency and no doubt there will be an update from Apple for its Mac OS systems very soon. It isn’t the fault of one organisation — there is no cause to bash Apple this time.

    This vulnerability, dating back to version 1.13 of the program, has existed for 22 years and it has taken detailed analysis by security experts to find it. Now it has been made public, vendors and system administrators are scrambling to close the hole while hackers and cyber criminals are trying to exploit it.

    In fact, within 24 hours of being announced, exploits are already being reported in the wild. The issue is exacerbated by the problem that shell programs such as bash are designed to be connected to remotely, through programs such as SSH or telnet. It isn’t too difficult to send commands to a remote device or to encourage users to download an application that uses the same commands.

    But that assumes the attacker is able to bypass your perimeter protection such as a firewall and other network security policies. As a network engineer, I know that while there is a weakness on my system that must be resolved, there are other defence mechanisms already surrounding that weakness that still provide protection.

    However, those running a Web server — whose entire function is to respond to those remote calls (in this case, your Web browser’s requests for pages on the site you’re browsing) — have much more of a problem. This provides a route into the system that can’t be blocked with a firewall as it would also block legitimate requests for the Web server. Systems administrators are probably very busy trying to ensure that their bash environments cannot be exploited.

    Also of concern are the tens of millions of pieces of networking hardware such as routers and switches that connect the Internet’s computers together. Almost all run stripped-down versions of Linux-like operating systems optimised for networking, but they also include bash for network engineers to connect and control them. These will need to be patched, too.

    Desktop users are safe(r)
    The rest of us can probably breathe easier. Attackers are more interested in compromising systems that may return financial advantage, which is unlikely to be our desktop computers.

    My advice to Apple Mac users is to check firewall settings and take care when downloading any third-party application not available via the App Store. For Linux users the same applies — Ubuntu has a software centre, for example, where the community has checked all available applications to date. In any case, a patch will be available soon. Windows users are unaffected (and it’s not often you can say that).

    Some are suggesting this bug is a larger problem for Apple desktop devices than it really is. Unless your machine has been set up to allow others remote access to it (it wouldn’t do so by default), has also switched off the firewall and is not using a protected network (home broadband routers provide their own protection, for example), then I wouldn’t worry. But install whatever recommended updates appear in the days to come.The Conversation

    • Andrew Smith is lecturer in networking at the Open University
    • This article was originally published on The Conversation
    Follow TechCentral on Google News Add TechCentral as your preferred source on Google


    WhatsApp YouTube
    Share. Facebook Twitter LinkedIn WhatsApp Telegram Email Copy Link
    Previous ArticleExecutive departures a big blow for Eskom
    Next Article Zuma took control of nuclear deal: report

    Related Posts

    Industry to Icasa: punish municipalities that stall network roll-out

    Industry to Icasa: punish municipalities that stall network roll-out

    13 July 2026
    AI Barometer: the best AI for every job right now

    AI Barometer: the best AI for every job right now

    13 July 2026
    Shoprite claims early win in grocery AI wars

    Shoprite claims early win in grocery AI wars

    13 July 2026
    Company News
    Rain supercharges 5G with Huawei

    Rain supercharges 5G with Huawei

    10 July 2026
    Africa's data centres: AI, edge computing and new energy demands - Vertiv OADC Open Access Data Centres

    Africa’s data centres: AI, edge computing and new energy demands

    9 July 2026
    The best way to automate customer engagement using AI and WhatsApp - CM.com

    The best way to automate customer engagement using AI and WhatsApp

    9 July 2026
    Opinion
    The author, Fanie van Rooyen

    South Africa can still catch the AI wave – here’s how

    7 July 2026
    The author, Fanie van Rooyen

    The AI utopia South Africa can’t afford

    1 July 2026
    The author, Jannie van Zyl

    South Africa’s broadband future is being decided in orbit, not in Pretoria

    30 June 2026

    Subscribe to Updates

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    Latest Posts
    Industry to Icasa: punish municipalities that stall network roll-out

    Industry to Icasa: punish municipalities that stall network roll-out

    13 July 2026
    AI Barometer: the best AI for every job right now

    AI Barometer: the best AI for every job right now

    13 July 2026
    Shoprite claims early win in grocery AI wars

    Shoprite claims early win in grocery AI wars

    13 July 2026
    More bad news for memory prices - SK Hynix CEO Kwak Noh-jung

    More bad news for memory prices

    13 July 2026
    © 2009 - 2026 NewsCentral Media
    Built and maintained by Chronon
    • Cookie policy (ZA)
    • TechCentral – privacy and Popia

    Type above and press Enter to search. Press Esc to cancel.

    Manage consent

    TechCentral uses cookies to enhance its offerings. Consenting to these technologies allows us to serve you better. Not consenting or withdrawing consent may adversely affect certain features and functions of the website.

    Functional Always active
    The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
    Preferences
    The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
    Statistics
    The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
    Marketing
    The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
    • Manage options
    • Manage services
    • Manage {vendor_count} vendors
    • Read more about these purposes
    View preferences
    • {title}
    • {title}
    • {title}