‘Shellshock’ Bug Could Undermine Millions of Websites
Researchers have discovered a security flaw "bigger than Heartbleed," the bug that affected nearly every computer user earlier this year, in one of the most fundamental points of contact between users on the Internet.
Researchers have discovered a security flaw “bigger than Heartbleed,” the bug that affected nearly every computer user earlier this year, in one of the most fundamental points of contact between users on the Internet.
The Independent reports:
The ‘Bash bug’, also known as Shellshock, is located in the command-line shell used in many Linux and Unix operating systems, leaving websites and devices power[ed] by these operating systems open to attack.
Like Heartbleed, Shellshock is a pervasive flaw that security researchers say will take years to fix properly. The responsibility to do so however rests with webmasters and systems administrators – rather than average users.
Security firm Rapid7 has rated the bug as 10 out of 10 for its severity, but “low” for complexity – with hackers able to exploit it using just three lines of code.
However, unlike Heartbleed, Shellshock will not require users to rush from site to site changing their passwords but it does give hackers another method of attack that they could potentially use to take over computers or mobile devices.
The bug is estimated to have been around for at least a decade. Quoted by the Independent, security researcher Michal Zalewski said that it’s not unusual for the bug to have gone unnoticed for so long:
“My take is that it’s a very unusual bug in a very obscure feature of a program that researchers don’t really look at, precisely because no reasonable person would expect it to fail this way. So, life goes on.”
Read more here.
— Posted by Alexander Reed Kelly
WAIT BEFORE YOU GO...This year, the ground feels uncertain — facts are buried and those in power are working to keep them hidden. Now more than ever, independent journalism must go beneath the surface.
At Truthdig, we don’t just report what's happening — we investigate how and why. We follow the threads others leave behind and uncover the forces shaping our future.
Your tax-deductible donation fuels journalism that asks harder questions and digs where others won’t.
Don’t settle for surface-level coverage.
Unearth what matters. Help dig deeper.
Donate now.
One lesson of the Heartbleed bug is that the U.S. needs to stop running Internet security like a Wikipedia volunteer project.
Would You Trust The NSA’s Advice On How To Deal With Heartbleed? (via Techdirt) Somewhat late to the game (by about a week), after the Heartbleed vulnerability was publicly revealed, and a few days after it was reported and denied that the NSA was already well aware of Heartbleed and exploiting it, the NSA has […]
In violation of one of its primary missions, the National Security Agency has kept secret the biggest threat to Internet security in memory in order to exploit it, sources say.
A critical flaw that has been with us for some time and could be around for months to come leaves much of the Internet vulnerable.
You need to be a supporter to comment.
There are currently no responses to this article.
Be the first to respond.