‘Shellshock’ Bug Could Undermine Millions of Websites
Researchers have discovered a security flaw "bigger than Heartbleed," the bug that affected nearly every computer user earlier this year, in one of the most fundamental points of contact between users on the Internet.
Researchers have discovered a security flaw “bigger than Heartbleed,” the bug that affected nearly every computer user earlier this year, in one of the most fundamental points of contact between users on the Internet.
The Independent reports:
The ‘Bash bug’, also known as Shellshock, is located in the command-line shell used in many Linux and Unix operating systems, leaving websites and devices power[ed] by these operating systems open to attack.
Like Heartbleed, Shellshock is a pervasive flaw that security researchers say will take years to fix properly. The responsibility to do so however rests with webmasters and systems administrators – rather than average users.
Security firm Rapid7 has rated the bug as 10 out of 10 for its severity, but “low” for complexity – with hackers able to exploit it using just three lines of code.
However, unlike Heartbleed, Shellshock will not require users to rush from site to site changing their passwords but it does give hackers another method of attack that they could potentially use to take over computers or mobile devices.
The bug is estimated to have been around for at least a decade. Quoted by the Independent, security researcher Michal Zalewski said that it’s not unusual for the bug to have gone unnoticed for so long:
“My take is that it’s a very unusual bug in a very obscure feature of a program that researchers don’t really look at, precisely because no reasonable person would expect it to fail this way. So, life goes on.”
Read more here.
— Posted by Alexander Reed Kelly
WAIT, BEFORE YOU GO…If you're reading this, you probably already know that non-profit, independent journalism is under threat worldwide. Independent news sites are overshadowed by larger heavily funded mainstream media that inundate us with hype and noise that barely scratch the surface. We believe that our readers deserve to know the full story. Truthdig writers bravely dig beneath the headlines to give you thought-provoking, investigative reporting and analysis that tells you what’s really happening and who’s rolling up their sleeves to do something about it.
Like you, we believe a well-informed public that doesn’t have blind faith in the status quo can help change the world. Your contribution of as little as $5 monthly or $35 annually will make you a groundbreaking member and lays the foundation of our work.
One lesson of the Heartbleed bug is that the U.S. needs to stop running Internet security like a Wikipedia volunteer project.
Would You Trust The NSA’s Advice On How To Deal With Heartbleed? (via Techdirt) Somewhat late to the game (by about a week), after the Heartbleed vulnerability was publicly revealed, and a few days after it was reported and denied that the NSA was already well aware of Heartbleed and exploiting it, the NSA has […]
In violation of one of its primary missions, the National Security Agency has kept secret the biggest threat to Internet security in memory in order to exploit it, sources say.
A critical flaw that has been with us for some time and could be around for months to come leaves much of the Internet vulnerable.
There are currently no responses to this article.
Be the first to respond.