DisasterLAN and NYAlert/iAlertz Not at Risk from Shellshock/Bashdoor Vulnerability
BCG has been monitoring concerns over the recent discovery of the Shellshock vulnerability and felt an official response was warranted. We would like to take this opportunity to reassure our customers that BCG's systems are NOT AT RISK. Shellshock, also known as Bashdoor, is a security vulnerability in the Unix Bash shell used by many internet servers including web, email, and database servers. This vulnerability potentially affects any Unix/Linux based systems including the Apple Macintosh platform. The vulnerability can be used to gain unauthorized access to the system or to install additional malware such as botnets.
We want to assure our customers that neither BCG's DisasterLAN incident management system nor NY-Alert / iAlertz notification platform use any of the affected operating systems. This means that your BCG products are not at direct risk from Shellshock at this time. BCG does recommend that you take steps to secure other systems that may be part of your infrastructure including desktops, servers, and laptops running Linux or Mac OS.
BCG constantly monitors emerging threats to ensure that our DisasterLAN and NYAlert products remain properly secured. If you have additional questions or concerns regarding the security of your BCG products please contact BCG customer support. For more information on the Shellshock vulnerability please visit https://www.us-cert.gov/ncas/alerts/TA14-268A.
Patrick Lupiani, CISSP
BCG Security Analyst