If you haven't heard the news, another security vulnerability, probably worse than Heartbleed, has been discovered in Bash. With it, an attacker can craft a very simple HTTP response and have your server run arbitrary code.
As soon as we heard the news, we immediately tested it and updated Bash to the latest patched version, just to be sure.
We do not believe our server was vulnerable to these types of attacks, as our Apache does not seem to interact with Bash in that way. Our Bash was indeed vulnerable, but again, nothing seemed to use it, so no harm there.
Other sites may still be vulnerable. An attack could publish database information, files, and other requests from users. This means that an attacker could gain access to passwords, credit card information, and public keys, even if the server isn't storing them - just from the fact that they are sent over the net to the server at some point.
Standard security precautions are recommended. Change your passwords regularly. Be careful where you enter your credit card information, and frequently monitor your account transactions and statements.