Security & Privacy
Clever and “Shellshock”
September 29, 2014
Dan Carroll
Clever’s Response to the “Shellshock” Security Issue
Recently, a critical security issue was discovered and disclosed to the larger community. This issue, nicknamed Shellshock, could have allowed an attacker to take control of certain systems using specially crafted HTTP requests. The vulnerability came from a flaw in Bash, a tool used by the majority of Internet web servers, including some of Clever’s machines.
Even though we had no reason to believe that any of our services were directly vulnerable, we immediately took action on Wednesday, September 24th to completely secure all of our systems. Our developers worked around the clock to apply fixes as soon as they became available, typically within an hour of release.
We have investigated our systems for evidence of any attempts to exploit this vulnerability and found no such evidence. We will continue watching “Shellshock” closely, and continue to scan for malicious attempts to access Clever’s systems.
If you’d like more general information about “Shellshock”, please read more on the Clever engineering blog.
More to read
Company
August 8, 2023
Clever joins forces with the White House to strengthen cybersecurity in schoolsClever continues commitment to a secure, interoperable digital learning ecosystem and free and low-cost resources to school districts that strengthen cybersecurity.
Company
February 6, 2023
Day in the life at Clever: Abby, Customer Solutions RepresentativeCurious what it’s like to work at Clever? Here’s a typical day in the life of Abby, a Customer Solutions Representative.
Company