Federal Friday - 9.26.14 - Shell Shocked and Bashed

Blog Post created by jschim Employee on Sep 26, 2014

Happy Friday, Federal Friends! Having a relatively quiet week? Just looking forward to a quiet end to FY14? Riiiiiiiiight, same here....


Most of you probably had an interesting 2nd half of the week just as we are. Like a judge at the Olympics, DHS has scored this little diddy a 10 out of 10 both in impact and how easy it is to use this vuln to run an exploit. While this doesn't have the "world-is-ending" feel that Heartbleed did it is still very serious, with potential long-term impact. This story is literally everywhere so I won't load you up with too many links, but below I have listed 3 tips I saw on a lil blurb on MarketWatch earlier today. The tips are simple enough to follow for now, and as the impact of Shellshock/Bash is better understood make sure to check in with your vendors regarding patches etc. I also included links that we have put out regarding Nexpose & Metasploit. If you have any further questions please reach out to our amazing Support Team, or your respective Account Manager.


  1. Download security updates.
  2. Look for notifications from service providers that may have been hacked.
  3. Change your password if someone tells you to.

I wonder what the Bash Brothers, of Mighty Ducks fame, would think about today's Bash Bug? I'll bet they give the same look as I did on Wednesday...


the mighty ducks animated GIF