Talk Security: ShellShock Bash Vulnerability Dominates September

September’s security news was dominated by three stories: the Home Depot data breach, the Apple celebrity nude photo leak scandal and the Shellshock vulnerability in Bash.

In the inaugural edition of our newly rebranded Talk Security podcast, Brian Donohue and Chris Brook of Threatpost discuss the Home Depot data breach, how the iCloud celebrity photo leak affected the launch of the iPhone 6, the end of the trustworthy computing era at Microsoft, and, of course, the Internet-wide bug in Bash, dubbed Shellshock, affecting Linux and Unix systems.


Data Breaches

TripAdvisor affiliate, Viator, which was acquired this summer for $200 million, informed 1.4 million customers of a breach including usernames and passwords. The sandwich chain Jimmy John’s was also involved in a data breach affecting 216 Jimmy John’s stores and 108 other restaurant locations. They have posted a data breach notification on their website. Goodwill also confirmed an 18-month-long data breach affecting an unknown number of their customers. Home Depot suffered the most severe data breach, impacting a whopping 56 million payment cards. Then there was the Gmail data breach that wasn’t. As a point of context, in 2013, 20 percent of all Massachusetts residents were involved in a data breach.


Apple had their yearly September product unveiling this month. It came, as chance would have it, on the heels of an ugly iCloud hacking incident in which the revealing and private photos of a number of U.S. celebrities very publicly ended up on the Internet. In response to that, Apple extended two-factor authentication to iCloud before fixing the login limitation flaw that apparently led to the leak. The Cupertino, California, computer company also released iOS 8 as CEO Tim Cook claimed Apple doesn’t mine emails or iMessages and does not have the ability to hand such information over to law enforcement.

Trustworthy Computing

Microsoft announced it would break up its trustworthy computing group, which has been at the forefront of the network security movement for more than a decade. The company says it plans to integrate its security operations more fully into the company, sending members of the trustworthy computing group into particular teams to work on specific products and projects.


A nearly Internet-wide bug, dubbed Shellshock, emerged in the Bourne Again Shell (Bash). We recently wrote an article explaining exactly what Bash is and how it affects you.