Tuesday, 7 October 2014

Keeping safe in the crossfire: Shellshock and heartbleed

So far this year there have been two widely publicised vulnerabilities affecting a large number of web services.

In April the Heartbleed vulnerability was disclosed, affecting OpenSSL implementations used by many web services. In late September the Shellshock vulnerability was disclosed, this affected the Bash shell used by many Linux, Unix and Mac systems. Within hours of each vulnerability being announced they were actively being exploited.

Events like this highlight the importance of keeping the security of any computers you are responsible for up to date both here at the university and at home. And especially any machines running services visible to the web. You should be running a supported operating system and ensuring that you are up to date with security patches.

If you would like to speak to anyone about vulnerabilities, keeping your machine secure or alternatives to hosting systems yourself then please contact helpdesk@sheffield.ac.uk and they will direct you to the correct team.

Read our blog posts about the vulnerabilities:
OS X patch for Shellshock