Shellshock: 'Deadly serious' new vulnerability found Skip to main content

Shellshock: 'Deadly serious' new vulnerability found

Open padlock More than 500 million computers could be affected, early estimates suggest

Related Stories

A "deadly serious" bug potentially affecting hundreds of millions of computers, servers and devices has been discovered.
The flaw has been found in a software component known as Bash, which is a part of many Linux systems as well as Apple's Mac operating system.
The bug, dubbed Shellshock, can be used to remotely take control of almost any system using Bash, researchers said.
Experts said it was more serious than the Heartbleed bug discovered in April.
"Whereas something like Heartbleed was all about sniffing what was going on, this was about giving you direct access to the system," Prof Alan Woodward, a security researcher from the University of Surrey, told the BBC.
"The door's wide open."
Some 500,000 machines worldwide were thought to have been vulnerable to Heartbleed. But early estimates, which experts said were conservative, suggest that Shellshock could hit at least 500 million machines.
The problem is particularly serious given that many web servers are run using the Apache system, software which includes the Bash component.
Patch immediately Bash - which stands for Bourne-Again SHell - is a command prompt on many Unix computers. Unix is an operating system on which many others are built, such as Linux and Mac OS.
The US Computer Emergency Readiness Team (US-Cert) issued a warning about the bug, urging system administrators to apply patches.
However, other security researchers warned that the patches were "incomplete" and would not fully secure systems.
Of particular concern to security experts is the simplicity of carrying out attacks that make use of the bug.
Cybersecurity specialists Rapid7 rated the Bash bug as 10 out of 10 for severity, but "low" on complexity - a relatively easy vulnerability for hackers to capitalise on.
"Using this vulnerability, attackers can potentially take over the operating system, access confidential information, make changes, et cetera," said Tod Beardsley, a Rapid7 engineer.
"Anybody with systems using Bash needs to deploy the patch immediately."
For general home users, Prof Woodward suggested simply keeping an eye on manufacturer websites for updates - particularly for hardware such as broadband routers.

 http://www.bbc.com/news/technology-29361794
Labels:

Comments

Post a Comment

Popular posts from this blog

Sri Bhaddanta Chandramani Mahathera

The Life Story of A Distinguished And Outstanding Bhikkhu The Most Venerable Saradawpharagree Sri Bhaddanta Chandramani Mahathera The Buddhist missionary Saradaw Ashin U Chandramani was endowed with great gifts and led a famous and long life. He was a very well known, distinguished and outstanding Bhikkhu Mahathera. While living in the Kushinagar Monastery, a place close to where the Lord Buddha had passed away to Nirvana, the Government of India had offered, and he had accepted, the highest, most honourable and respected title "Guru Guru MahaGuru". He became the first ever President of all Buddhists in India.A World Buddhist Conference took place in Kathmandu during the reign of King Mahindra of Nepal. The Conference was very well attended by over one hundred thousand Buddhists from various parts of the world and it was opened by King Mahindra himself. As requested by the King, Saradawpharagree blessed all the participants with the power of Triple Gems...
Post a Comment
Read more

Thai penis whitening trend raises eyebrows

Image copyright LELUXHOSPITAL Image caption Authorities warn the procedure could be quite painful A supposed trend of penis whitening has captivated Thailand in recent days and left it asking if the country's beauty industry is taking things too far. Skin whitening is nothing new in many Asian countries, where darker skin is often associated with outdoor labour, therefore, being poorer. But even so, when a clip of a clinic's latest intriguing procedure was posted online, it quickly went viral. Thailand's health ministry has since issued a warning over the procedure. The BBC Thai service spoke to one patient who had undergone the treatment, who told them: "I wanted to feel more confident in my swimming briefs". The 30-year-old said his first session of several was two months ago, and he had since seen a definite change in the shade. 'What for?' The original Facebook post from the clinic offering the treatment, which uses lasers to break do...
1 comment
Read more

Three Dead, Seven Injured by Artillery Shells in Two Incidents in Myanmar’s Mrauk-U

By MIN AUNG KHINE 2 December 2019 Sittwe, Rakhine State –Three Mrauk-U township residents died and four others were injured when an artillery shell struck their community in the Ale Zay quarter of Mrauk-U town on Monday afternoon after 4 p.m. A month-old girl, a 4-year-old boy and a 30-year-old woman died, according to Dr. Khin Maung Yin, the head of Mrauk-U hospital. He said, “A man and three other women were injured. One of the women sustained severe injures to her left leg and her right knee was dislocated. The injured will be operated on.” Details of what occurred were not yet known. A few hours earlier, three civilians were injured when an artillery shell fell on the village of Na Leik in Mrauk-U Township, Rakhine State, western Myanmar, on Monday at around 1 p.m., according to Yan Aung Pyin village-tract administrator U Sein Hla Aung. Two females, aged 13 and 27, and an 18-year-old male were injured in the incident, he said. Three people were hit by shrapnel and we have...
Post a Comment
Read more