The “Shellshock” BASH Vulnerability and EnCase Products

Ken Basore

We know that our customers are concerned about the “Shellshock” BASH vulnerability and whether it affects our EnCase software, our Tableau hardware products, or any of our corporate systems. This is a legitimate concern, and because we have the utmost concern for your organizational and data security, we want to give you all the information you need regarding it. Below we address one by one the key areas that you may be wondering about.

EnCase-based Applications (EnCase Forensic, EnCase Enterprise, EnCase eDiscovery, EnCase Cybersecurity, EnCase Analytics, and EnCase Portable) and all of the applications that run on them are NOT affected by the Shellshock vulnerability, as they do not run on Linux and do not use BASH. This is true for all versions of the applications.

EnCase Servlets run on a wide range of operating systems, including Linux, Unix, HP-UX, and various other *nix-based systems. All of our Unix-based servlets are self-contained applications that can be launched via BASH, but do not interact with the BASH shell while they are running. As a result, the servlets are NOT affected by the vulnerability. However, users should check the operating system in which they are running for risks associated with other applications.

EnCase LinEn: Guidance Software provides a free imaging tool that runs on Linux. LinEn is a self-contained application that can be launched via BASH, but which does not interact with the BASH shell while it is running. As a result, LinEn is NOT affected by the vulnerability, but users should check the operating system in which it is running for risks associated with other applications.

EnCase eDiscovery Review: The EnCase eDiscovery Review SaaS application does use certain Linux systems that utilize the BASH shell. Once we learned of the original vulnerability, we immediately patched our systems or applied other well-established techniques to mitigate any risk to our systems. This includes additional attack vectors that have come to light since the original news was released. At this time, EnCase eDiscovery Review is NOT vulnerable to the known Shellshock/BASH vulnerabilities.

Tableau Products: One of our Tableau products, TD3, runs a Linux operating system with a vulnerable version of BASH. Although the primary use case for the Tableau TD3 does not include attaching it to a network and exposing it to potential attack from an outside attacker, we are testing a patch that will fix the vulnerability and we will be releasing it in the next few days to our customers. 

Guidance Software, Inc. Web-based Systems: As with most companies with any type of a web presence, Guidance Software did have internet-facing systems that were affected by this vulnerability. Upon learning of the issue, we immediately started working with our vendors and suppliers to obtain patches for those systems. As of this date, we have patched all our systems or applied other well-established techniques to mitigate any risk. At this time, we are confident that there is NO risk to any GSI web-facing system and all of our data, including confidential customer data, is secure.

Rest assured that we maintain a relentless commitment to the security of all of our software and systems and will continue our diligent efforts to validate that security. If you have any questions, please contact us here.

Ken Basore is the Senior Vice President of Research and Development at Guidance Software, Inc.

No comments :

Post a Comment