Calq and the Shellshock bug

Earlier last week, a vulnerability was discovered in the widely distributed program bash. It was made public yesterday as CVE-2014-6271, but is more commonly known by its colloquial name of "Shellshock".

The bash program is a common shell for evaluating and executing commands from user input and other programs. The vulnerability potentially affects all systems using bash. This includes most Unix derivatives such as Linux and OSX. It is also important to consider that many embedded systems, including internet infrastructure such as routers, could additionally be affected.

Calq's platform was largely immune to the vulnerability. Only a small number of isolated systems are running the affected bash program, and these have additional layers of protection in place that made them even less vulnerable.

We have no evidence to suggest a breach has taken place. However, due to the nature of the attack, a lack of evidence is not a conclusive indicator. This is true of nearly all businesses affected, not just Calq. Due to the additional layers of security we have in place, it is increasingly unlikely that Calq was affected by this vulnerability, though as a precaution we have taken proactive steps to maintain the security of the data we store.

This is an on-going process as additional information about the vulnerability is discovered. Our engineers will continue to be proactive in protecting against this vulnerability. If you require further information please contact our support team.