Maintaining Security

• Studentnet Recommended Browsers

  Outdated browsers are one of the major security risks on the Internet. It is essential to keep your browser up-to-date, as that is the only genuine protection against such vulnerabilities. See recommended versions of popular browsers supported by Studentnet.



• The POODLE Attack

  A recent exploit directed against out-of-date browsers is the POODLE attack, which exploits SSLv3, used in older browsers. TLS (Transport Layer Security), implemented in recent browsers, provides protection. More information on POODLE.



• The Shellshock bash Vulnerability

  See Wikipedia for more information.
  Shellshock is a family of major security bugs in the widely used Unix bash shell, first disclosed on 24 September 2014. Software such as web servers use bash to process commands. Attackers can use vulnerable versions of bash to execute arbitrary commands and gain unauthorized access to systems. By 25 September botnets based on Shellshock-compromised computers were already being used for distributed denial-of-service attacks and vulnerability scanning.
  

  Shellshock Information

  02.10.14 CRN: Cisco, Juniper to issue emergency updates
  29.09.14 ZDnet: Shellshock makes Heartbleed look insignificant
  26.09.14 CertAustralia: Critical Vulnerability in the Bourne Again Shell (BASH) aka ShellShock
  26.09.14 FireEye: Shellshock in the Wild
  26.09.14 Slate: Here's What You Need to Know About the Shellshock Vulnerability
  
  
  

  Business Implications

  30.09.14 ITnews: Privacy Commissioner warns business to fix Shellshock
  27.09.14 SMH: Top regulators warn banks over 'Shellshock' bug as Apple and Oracle prepare patches
  
  

  Technical Tests and Fixes

  25.09.14 DigitalOcean: How to Protect your Server Against the Shellshock Bash Vulnerability
  28.09.14 SANS: Update on CVE-2014-6271: Vulnerability in bash (shellshock)
  30.09.14 NetworkWorld: Six key defenses against Shellshock attack
  26.09.14 LWN: Protecting out of date systems - A remotely exploitable hole in bash
  
  
  

  Apple OS X

  29.09.14 PCWorld: Two scenarios that can make OS X vulnerable to the Shellshock Bash bug
  29.09.14 9to5mac: Apple releases OS X bash update 1.0 addressing Shellshock vulnerability