Researchers have discovered a security flaw “bigger than Heartbleed,” the bug that affected nearly every computer user earlier this year, in one of the most fundamental points of contact between users on the Internet.

The Independent reports:

The ‘Bash bug’, also known as Shellshock, is located in the command-line shell used in many Linux and Unix operating systems, leaving websites and devices power[ed] by these operating systems open to attack.

Like Heartbleed, Shellshock is a pervasive flaw that security researchers say will take years to fix properly. The responsibility to do so however rests with webmasters and systems administrators – rather than average users.

Security firm Rapid7 has rated the bug as 10 out of 10 for its severity, but “low” for complexity – with hackers able to exploit it using just three lines of code.

However, unlike Heartbleed, Shellshock will not require users to rush from site to site changing their passwords but it does give hackers another method of attack that they could potentially use to take over computers or mobile devices.

The bug is estimated to have been around for at least a decade. Quoted by the Independent, security researcher Michal Zalewski said that it’s not unusual for the bug to have gone unnoticed for so long:

“My take is that it’s a very unusual bug in a very obscure feature of a program that researchers don’t really look at, precisely because no reasonable person would expect it to fail this way. So, life goes on.”

Read more here.

— Posted by Alexander Reed Kelly

 Your support matters…

Independent journalism is under threat and overshadowed by heavily funded mainstream media.

You can help level the playing field. Become a member.

Your tax-deductible contribution keeps us digging beneath the headlines to give you thought-provoking, investigative reporting and analysis that unearths what's really happening- without compromise.

Give today to support our courageous, independent journalists.

SUPPORT TRUTHDIG
In this Article:
#heartbleed