A serious Bash vulnerability has been discovered on Wednesday that can rival the Heartbleed bug, CVE-2014-0160. Unlike Heartbleed which exposed encrypted data, this allows attacks that can control the server itself executing code or potentially hijacking access.
We have reviewed the vulnerability and can report the following:
Check Passed for CVE-2014-6271 Friday, September 26, 2014
We are happy to report that after 2 hours of checking our server we can confirm that we passed all vulnerability checks with a ‘not vulnerable status.’
Was my website ever at risk?
No, we regularly manage and update our server and were never at risk.
Why alert everyone if we were never at risk?
It’s best practice to alert clients about the type of management being provided and the status of government level warnings that affect network security.
What tools did you use?
We used a PHP snippet here:
And ran a few Shell Checks.
Security check passed, danger never present, data secure.
Trust does not come easy, and your trust is why we go the extra mile to make our services the best out there for your medical practice. We know that there is no easy or automated solution to provide trust which is why we sweat everyday to provide the best services out there.