October 7, 2014
Recent news reports have raised serious concerns about a new computer system vulnerability that is now being commonly called Shellshock. This vulnerability affects Unix-based operating systems like Linux and its variants. If left unpatched, this vulnerability could allow an attacker to gain unauthorized access to a computer system and execute arbitrary commands.
NFA has examined its systems and has determined that the NFA website, including the ORS and EasyFile systems, is not vulnerable to the Shellshock security flaw. In fact, NFA's web servers do not use any of the operating systems that are affected by this vulnerability. Consequently, we see no need for further action at this time.
Safeguarding Member data is a top priority at NFA so we continuously monitor our systems to ensure effective security. As details on the depth and extent of this vulnerability continue to be revealed, NFA will continue to work both internally and with its IT vendors to identify any potential areas of susceptibility. If material issues are uncovered in the future, NFA will inform its Members accordingly.