Shellshock bug: Some Canadian government systems taken offline as precaution

Any device using Unix-based operating systems such as Linux and Mac OS X are affected by Shellshock. File/Getty Images

TORONTO – The Canadian federal government has taken some of its systems offline in response to the newly discovered Shellshock bug.

The bug poses a threat to computers and other devices using Unix-based operating systems.

“When the government became aware of this vulnerability, all federal government organizations were directed by the Chief Information Officer for the Government of Canada to patch vulnerable systems on a priority basis,” Kelly James, spokesperson for the Treasury Board of Canada Secretariat, told Global News.

The Treasury Board of Canada Secretariat is in charge of internal administration for some government bodies.

“For vulnerable systems where no patch is available, departments have been directed to take those systems offline. We continue to take precautionary steps, while monitoring the vulnerability closely,” James said.

Story continues below advertisement

READ MORE: What you need to know about the ‘Shellshock’ bug

The Shellshock bug allows attackers to issue malicious commands using the Bash shell program. Devices use Bash to execute “shell” commands. A shell is a program that translates your commands into something the device’s operating system can understand.

Any device using Unix-based operating systems such as Linux and Mac OS X are affected by Shellshock.

What makes this vulnerability so dangerous is the number of devices hackers could potentially attack. Everything from servers and routers, to kitchen appliances, cable and Wi-Fi modems, car computers and tech gadgets run Linux.

The security flaw has been referred to as both the “Bash” bug – after the piece of software that runs the command prompt on Unix computers and Linux servers – and the “Shellshock” bug.

Many have warned that this bug could be much worse than the Heartbleed bug, which caused major security headaches in April, despite the fact many experts called Heartbleed the “biggest security vulnerability in the history of the Internet.”

The federal government came under fire for its handling of the Heartbleed bug, after approximately 900 social insurance numbers were stolen from the Canada Revenue Agency’s website as a result of the security flaw.

Story continues below advertisement

The CRA waited three days to tell the public about the breach.

Global News contacted the CRA for a statement regarding whether its systems were being taken offline in response to the Shellshock bug; however a spokesperson did not respond.

READ MORE: Hacker charged in CRA Heartbleed breach ‘straight-A’ engineering student

Meanwhile, Apple has responded to concerns about the bug, stating most users are not at risk of the vulnerability.

“The vast majority of OS X users are not at risk to recently reported bash vulnerabilities. Bash, a UNIX command shell and language included in OS X, has a weakness that could allow unauthorized users to remotely gain control of vulnerable systems,” an Apple spokesperson told Global News.

“With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services. We are working to quickly provide a software update for our advanced UNIX users.”

Sponsored content