Shellshock Bash Security Bug Greater than Heartbleed

Shellshock: The Deadliest Security Crisis since Heartbleed

It seems 2014 is the year of Security Crises. First came Heartbleed, then came the CCS Bug and now comes Shellshock, which is just as catchy a name as Heartbleed.

Before we tell you what Shellshock is, you need to know what Bash (Bourne Again Shell) is. Bash is a core Part of Linux and Unix Operating Systems (Such as Mac OSX), and has existed since decades. Such operating Systems run on a majority of Servers powering the Internet, and then some more (Android is Linux, and people also use Desktop Linux OS).

So a vulnerability in Bash means a wide-spread Security Crisis, which would take a lot of time and effort to control, and possibly impossible to fully control.

This specific Vulnerability causes someone with malicious intent to use Bash to access confidential Data and also pass on commands, which is extremely dangerous.

As Wikipedia explains, for those who want the nitty gritty:

” While Bash is not an Internet-facing service, many Internet-facing daemonscall it internally, allowing an attacker to use an Internet-facing service that sets the contents of an environmental variable to have Bash execute the commands in the variable. DHCPclients are also potentially vulnerable, and more affected services are expected to be found.[

Patches for this Bug have been released, but they have not yet been able to patch this bug fully. This bug is still out in the wild. Many are working towards a complete patch. Within hours after the report on the Bug was published, people have started exploiting it.

This is a wide-spread Security crisis, and we still don’t know how many systems have been patched, and how many still remain vulnerable.

What do you think of Shellshock? How terrified are you?

Advertisements

What are your Thoughts? Speak your Mind!

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s