Insights & Ideas

Security Update: Bash Vulnerability aka Shellshock

There have been a number of stories in the press recently regarding the security vulnerability identified by CVE-2014-6271 and CVE-2014-7169 (also known as the Bash Vulnerability / Shellshock), and the breadth of systems that have been compromised as a result.

We wanted to take this opportunity to, once again, reassure you about the safety and security of the Rosslyn RAPid platform.

From our Chief Security Officer George Lazarov:

"We can confirm that the RAPid platform is not affected by the CVE-2014-6271 and CVE-2014-7169 bash interpreter code injection vulnerabilities. All our Unix-based production services are in non-DMZ environments (cannot be accessed externally), preventing the exploitation of the vulnerability.

This is due to the fact that we have in place a proprietary implementation (CentOS) or the system is based in the Debian distribution, hence using a modified / different shell (dash)."

We pride ourselves on the strength of our security, and place a huge emphasis on continually evolving our security protocols to ensure protection against vulnerabilities such as these.

If you have any questions, please get in touch at info@rosslynanalytics.com .

Our clients