On September 24th, security researchers disclosed yet another critical code flaw with the capability to negatively impact the internet, this time in the UNIX Bash shell, a command line interpreter used in many of the servers that comprise the web. Dubbed Shellshock by the information security community, this security bug leaves systems running any of the seven affected versions of Bash, including those running Mac OS X, vulnerable to attack.
While this bug doesn’t affect the vast majority of Mac users--no worries, teachers, your iPads and iPhones are safe, and so are your MacBooks unless you’ve set them up for advanced server configuration--it does have the potential to pose a unique set of difficulties for schools. Some security researchers even consider this bug to be bigger than Heartbleed, another catastrophic flaw discovered in April.
Over the past few years, many schools have abandoned running their own servers in favor of adopting cloud-based tools that do not require expensive hardware or upkeep. For schools that do maintain their own servers, patching and configuration management are low priorities for technology coordinators and district IT staff. If your school or district is running its own servers on a UNIX framework, however, the information that you’re storing on those servers is potentially at risk.
If you’re an educator, administrator, or IT staff member in charge of running servers for your district, here are a few things that you can do to protect your students and their data from Shellshock:
This year has been an unprecedented year for security breaches and security vulnerability discovery; so many exposures have been disclosed that the systems used to track them are being restructured to account for the massive growth in vulnerability reports. Though many of the vulnerabilities that are found and reported may not affect the daily work of educators, those that affect critical internet infrastructure have the potential to put student and educator privacy at risk.