Staying one step ahead of potential security breaches, Private Internet Access has patched its VPN and Web site to protect ourselves and more importantly, our customers from the latest Bug. Following reports of attacks by a Bash bug named ‘shellshock’ started rolling in, PIA took additional security measures to ensure the privacy of its customers remained intact. With experts reporting people using the bug are looking for ways to take advantage of lapses in security, PIA took action to ensure that its customers wouldn’t be targeted.
With several news outlets reporting that the security threat is making its rounds, the Bash vulnerability allows anyone who can set environment variable values, which are then sent to bash to execute arbitrary code on the target’s machine. TroyHunt.com reports that Bash is a *nix shell or in other words, it’s an interpreter that allows the user to orchestrate commands on Unix and Linux systems. These commands normally connect over SSH or Telnet but can also operate as a parser for CGI scripts on a Web server, typically seen running on Apache.
Attackers can manipulate environment variables by changing header values and Web servers will call those CGI scripts using those environment variables, allowing the attacker to use variable commands.
On September 24th, the day the vulnerability was disclosed, Private Internet Access patched its systems, protecting its Web site and its VPN services from any impact from this bug. This commitment to our security and vow to make our customers’ security our top priority is just another way to say thank you to our customers for making Private Internet Access your choice for Internet and browser security.