ZeroLag protects clients from Shellshock bug

Recently disclosed Shellshock bug renders Linux servers vulnerable to attack

LOS ANGELES, October 3, 2014 — ZeroLag Communications, Inc., a leading provider of enterprise-class managed hosting solutions for web sites and web applications, recently implemented server security patches designed to thwart the Shellshock bug.

shellshock bugShellshock  (CVE-2014-6271) is a security vulnerability in a component of Unix and Linux, publicly disclosed on September 24, 2014. Shellshock — also known as Bashbug or Bashdoor — permits unauthorized users to execute commands on a server running the Unix or Linux operating system. This exploit enables attackers to take control of a vulnerable server and use it to conduct distributed denial of service (DDoS) attacks and vulnerability scanning of other systems as a prelude to further cyber attacks.

Shellshock has been compared with the Heartbleed bug, and has been described as having potentially wider and more severe impact, affecting millions of Unix- and Linux-based servers, desktop and portable computers, smartphones and tablets, and other Internet-connected devices. The Department of Homeland Security National Cyber Security Division (NIST) assigned a score of 10 to Shellshock, the maximum possible rating on the Common Vulnerability Scoring System (CVSS) scale.

“We take security very seriously, which is why we immediately began deploying patches for Shellshock as soon as the bug was announced,” explained ZeroLag EVP of Sales and Marketing, Will Bernstein. “Our engineering team worked around the clock to eliminate this vulnerability from all servers under our management, to ensure our customers did not suffer any negative impacts.”

In addition to rapid response to emerging threats like Shellshock and Heartbleed, ZeroLag provides comprehensive, multi-layered security measures for all servers located in its data center, including managed hardware firewalls, intrusion detection systems (IDS), and real-time network monitoring, along with robust physical security safeguards.