{"id":6172,"date":"2014-10-02T13:53:39","date_gmt":"2014-10-02T17:53:39","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=6172"},"modified":"2020-02-26T10:56:16","modified_gmt":"2020-02-26T15:56:16","slug":"shellshock-bash-bug-dominates-september","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/shellshock-bash-bug-dominates-september\/6172\/","title":{"rendered":"Talk Security: ShellShock Bash Vulnerability Dominates September"},"content":{"rendered":"<p>In the inaugural edition of our newly rebranded Talk Security podcast, Brian Donohue and Chris Brook of <a href=\"https:\/\/threatpost.com\/\" target=\"_blank\" rel=\"noopener nofollow\">Threatpost<\/a> discuss the Home Depot data breach, how the iCloud celebrity photo leak affected the launch of the iPhone 6, the end of the trustworthy computing era at Microsoft, and, of course, the Internet-wide bug in Bash, dubbed Shellshock, affecting Linux and Unix systems.<\/p>\n<p><iframe src=\"\/\/html5-player.libsyn.com\/embed\/episode\/id\/3098320\/height\/360\/width\/640\/theme\/standard\/direction\/no\/autoplay\/no\/autonext\/no\/thumbnail\/yes\/preload\/no\/no_addthis\/no\/\" frameborder=\"0\" scrolling=\"no\" marginwidth=\"0\" marginheight=\"0\" width=\"640px\" height=\"360px\"><\/iframe><\/p>\n<div class=\"podcast-subscribe\"><a data-omniture-download-button-type=\"TrialBuilds\" data-omniture-product-name=\"podcast-itunes\" class=\"itunes\" href=\"https:\/\/itunes.apple.com\/us\/podcast\/talk-security\/id909407206\" target=\"_blank\" rel=\"noopener nofollow\"><img decoding=\"async\" src=\"https:\/\/www.kaspersky.com\/blog\/wp-content\/plugins\/kaspersky-embeds\/img\/button-subscribe-apple.png\"><\/a><a data-omniture-download-button-type=\"TrialBuilds\" data-omniture-product-name=\"podcast-spotify\" class=\"spotify\" href=\"https:\/\/open.spotify.com\/show\/1VGCKlOoQ9C24dJiCHGTK5\" target=\"_blank\" rel=\"noopener nofollow\"><img decoding=\"async\" src=\"https:\/\/www.kaspersky.com\/blog\/wp-content\/plugins\/kaspersky-embeds\/img\/button-subscribe-spotify.png\"><\/a><a data-omniture-download-button-type=\"TrialBuilds\" data-omniture-product-name=\"podcast-rss\" class=\"rss\" href=\"https:\/\/talksecurity.kaspersky-podcasts.libsynpro.com\/rss\" target=\"_blank\" rel=\"noopener nofollow\"><img decoding=\"async\" src=\"https:\/\/www.kaspersky.com\/blog\/wp-content\/plugins\/kaspersky-embeds\/img\/button-subscribe-rss.png\"><\/a><\/div>\n<p style=\"text-align: center\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2014\/10\/06015610\/badge_itunes-lrg.png\"><img decoding=\"async\" class=\"size-full\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2014\/10\/06015610\/badge_itunes-lrg.png\" alt=\"rss-podcasts\" width=\"110\" height=\"40\"><\/a> <a href=\"http:\/\/talksecurity.kaspersky-podcasts.libsynpro.com\/rss\"><img decoding=\"async\" class=\"size-full\" src=\"\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2014\/11\/06042137\/rss-podcasts1.png\" alt=\"rss-podcasts\" width=\"116\" height=\"40\"><\/a><\/p>\n<p> <em>SUPPLEMENTAL READING LIST<\/em><\/p>\n<p><strong>Data Breaches <\/strong><\/p>\n<p>TripAdvisor affiliate, Viator, which was acquired this summer for $200 million, informed 1.4 million customers of <a href=\"https:\/\/threatpost.com\/travel-site-viator-announces-1-4-m-implicated-in-breach\/108505)\" target=\"_blank\" rel=\"noopener nofollow\">a breach including usernames and passwords<\/a>. The sandwich chain Jimmy John\u2019s was also involved in a data breach affecting 216 Jimmy John\u2019s stores and 108 other restaurant locations. They have posted <a href=\"https:\/\/www.jimmyjohns.com\/datasecurityincident\/\" target=\"_blank\" rel=\"noopener nofollow\">a data breach notification on their website<\/a>. <a href=\"https:\/\/threatpost.com\/pos-service-confirms-goodwill-breach-lasted-18-months\" target=\"_blank\" rel=\"noopener nofollow\">Goodwill also confirmed an 18 month-long data breach<\/a> affecting an unknown number of their customers.<a href=\"https:\/\/threatpost.com\/56-million-payment-cards-at-risk-in-home-depot-data-breach\/108402\" target=\"_blank\" rel=\"noopener nofollow\"> Home Depot suffered the most severe data breach<\/a>, impacting a whopping 56 million payment cards. Then there was the <a href=\"https:\/\/threatpost.com\/five-million-email-passwords-addresses-appear-on-russian-bitcoin-forum\/108189\" target=\"_blank\" rel=\"noopener nofollow\">Gmail data breach that wasn\u2019t<\/a>. As a point of context, in 2013, 20 percent of all Massachusetts residents were involved in a data breach.<\/p>\n<p><strong>Apple<\/strong><\/p>\n<p>Apple had their yearly September product unveiling this month. It came, as chance would have it, on the heels of an ugly <a href=\"https:\/\/www.kaspersky.com\/blog\/celebrity-photos-leaked\/\" target=\"_blank\" rel=\"noopener nofollow\">iCloud hacking incident<\/a> in which the revealing and private photos of a number of U.S. celebrities very publicly ended up on the Internet. In response to that, <a href=\"https:\/\/threatpost.com\/apple-plans-to-extend-2fa-to-icloud\/108106\" target=\"_blank\" rel=\"noopener nofollow\">Apple extended two-factor authentication to iCloud<\/a> before fixing <a href=\"https:\/\/threatpost.com\/apple-fixes-glitch-in-find-my-iphone-app-connected-to-celbrity-photo-leak\/107997\" target=\"_blank\" rel=\"noopener nofollow\">the login limitation flaw that apparently led to the leak<\/a>. The Cupertino, California computer company also <a href=\"https:\/\/threatpost.com\/apple-launches-ios-8-fixes-dozens-of-security-flaws\/108354\" target=\"_blank\" rel=\"noopener nofollow\">released iOS8<\/a> as CEO Tim Cook claimed <a href=\"https:\/\/threatpost.com\/apple-ceo-tim-cook-says-company-dedicated-to-protecting-users-privacy\/108372\" target=\"_blank\" rel=\"noopener nofollow\">Apple doesn\u2019t mine emails or iMessages<\/a> and does not have the ability to hand such information over to law enforcement.<\/p>\n<p><strong>Trustworthy Computing<\/strong><\/p>\n<p>Microsoft announced it would break up its <a href=\"https:\/\/threatpost.com\/era-ends-with-break-up-of-trustworthy-computing-group-at-microsoft\/108404\" target=\"_blank\" rel=\"noopener nofollow\">trustworthy computing<\/a> group, which has been at the forefront of the network security movement for more than a decade. The company says it plans to integrate its security operations more fully into the company, sending members of the trustworthy computing group into particular teams to work on specific products and projects.<\/p>\n<p><strong>Bash<\/strong><\/p>\n<p>A nearly Internet-wide bug, dubbed Shellshock, emerged in the Bourne Again Shell bug (Bash). We recently wrote an article explaining exactly <a href=\"https:\/\/www.kaspersky.com\/blog\/what_is_the_bash_vulnerability\/\" target=\"_blank\" rel=\"noopener nofollow\">what Bash is and how it affects you<\/a>. <\/p><blockquote class=\"twitter-pullquote\"><p>#TalkSecurity: @Threatpost #security reporters @TheBrianDonohue &amp; @Brokenfuses discuss #shellshock, other news.<\/p><a href=\"https:\/\/twitter.com\/share?url=https%3A%2F%2Fkas.pr%2FuA5o&amp;text=%23TalkSecurity%3A+%40Threatpost+%23security+reporters+%40TheBrianDonohue+%26amp%3B+%40Brokenfuses+discuss+%23shellshock%2C+other+news.\" class=\"btn btn-twhite\" data-lang=\"en\" data-count=\"0\" target=\"_blank\" rel=\"noopener nofollow\">Tweet<\/a><\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>September&#8217;s security news was dominated by three stories: the Home Depot data breach, the Apple celebrity nude photo leak scandal and the Shellshock vulnerability in Bash.<\/p>\n","protected":false},"author":42,"featured_media":6171,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5,2684],"tags":[14,314,38,485,838,1054],"class_list":{"0":"post-6172","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-special-projects","9":"tag-apple","10":"tag-data-breach","11":"tag-microsoft","12":"tag-podcast","13":"tag-shellshock","14":"tag-talk-security"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/shellshock-bash-bug-dominates-september\/6172\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/shellshock-bash-bug-dominates-september\/4180\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/shellshock-bash-bug-dominates-september\/4090\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/shellshock-bash-bug-dominates-september\/4603\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/shellshock-bash-bug-dominates-september\/4842\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/shellshock-bash-bug-dominates-september\/6172\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/shellshock-bash-bug-dominates-september\/6172\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/apple\/","name":"Apple"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/6172","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/42"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=6172"}],"version-history":[{"count":4,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/6172\/revisions"}],"predecessor-version":[{"id":33339,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/6172\/revisions\/33339"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/6171"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=6172"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=6172"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=6172"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}