| Online: | |
| Visits: | |
| Stories: |
‘Shellshock’ Bug Could Undermine Millions of Websites
Researchers have discovered a security flaw “bigger than Heartbleed,” the bug that affected nearly every computer user earlier this year, in one of the most fundamental points of contact between users on the Internet.
The Independent reports:
The ‘Bash bug’, also known as Shellshock, is located in the command-line shell used in many Linux and Unix operating systems, leaving websites and devices power[ed] by these operating systems open to attack.
Like Heartbleed, Shellshock is a pervasive flaw that security researchers say will take years to fix properly. The responsibility to do so however rests with webmasters and systems administrators – rather than average users.
Security firm Rapid7 has rated the bug as 10 out of 10 for its severity, but “low” for complexity – with hackers able to exploit it using just three lines of code.
However, unlike Heartbleed, Shellshock will not require users to rush from site to site changing their passwords but it does give hackers another method of attack that they could potentially use to take over computers or mobile devices.
The bug is estimated to have been around for at least a decade. Writing on his blog, security researcher Michal Zalewski said that not unusual for the bug to have gone unnoticed for so long:
“My take is that it’s a very unusual bug in a very obscure feature of a program that researchers don’t really look at, precisely because no reasonable person would expect it to fail this way. So, life goes on.”
Read more here.
—Posted by Alexander Reed Kelly.
Related Entries
- April 28, 2014 Heartbleed
- April 16, 2014 The U.S. Government Is Paying to Undermine Internet Security, Not to Fix It
Source: http://www.truthdig.com/eartotheground/item/shellshock_bug_could_undermine_millions_of_websites_20140925/
