Call Sales
866-300-8947
Call Support
877-523-5175
 

MegaPath Blog

Share This Article:

 

MegaPath Customer Advisory: Shellshock

Posted September 30, 2014

As you may already be aware, security researchers announced a security flaw in Bash, a command processor on many computers running Linux operating systems and Apple OS X. The bug, known as Shellshock, is a hole in Bash that lets an attacker insert code into a victim's computer in order to run commands and control a computer remotely. The attacker could potentially access files, operate programs, and copy and delete data.

At MegaPath, we take your privacy and security very seriously. We continually perform security audits and diligently and persistently monitor our network to ensure that there are no vulnerabilities that could affect the services provided to you, our customers. In addition, we perform stringent testing including detailed validation and certification of any new piece of equipment being introduced in our network prior to putting it in production.

Once MegaPath became aware of the Shellshock vulnerability, we moved quickly to address it. We have performed extensive security audits within our network and service platforms to check for this specific vulnerability. At this time, MegaPath has no evidence that the Shellshock bug was used to access any MegaPath data or services.

MegaPath has verified the security state of customer equipment and configurations utilized in MegaPath services, including CPE and other components. MegaPath has evaluated the following services for any impact relating to Shellshock bug with the following results:

  • MPLS – Not impacted
  • SSL VPN – Not Impacted
  • Managed Security Services (MSS) – Not Impacted
  • Voice over IP (VoIP) – Potential vulnerability identified and patch being implemented
  • Email and Web Hosting – Potential vulnerability identified and patch being implemented
  • Cloud Hosting – Potential vulnerability identified and patch being implemented

MegaPath is addressing the potential vulnerabilities listed above by implementing patches as they become available through our vendors. MegaPath will perform critical system patches within seven days of a patch release and non-critical system patches within thirty days of a patch release. We also recommend that our customers follow standard security best practices and use recommended security privileges across all systems.

It is important to note that this advisory only applies to MegaPath-provided systems, equipment and components. We strongly advise that you evaluate your own infrastructure, identify possible vulnerabilities, and resolve any issues promptly to include the swift application of any manufacturer security patches to your impacted systems.

For more information on the Shellshock bug, here is a helpful link:

If you have any questions, please contact us at 1-877-611-6342 (option 4) or email support@megapath.com.

 

Share This Article:

 
Blog Archive: ALL | 2017 | 2016 | 2015 | 2014 | 2013 | 2012 | 2011
I confirm that I have read and agree to the terms and conditions defined in the MegaPath Acceptable Use Policy.
I confirm that I have read and agree to the terms and conditions defined in the MegaPath Acceptable Use Policy.
I confirm that I have read and agree to the terms and conditions defined in the MegaPath Acceptable Use Policy.