Apps: Security

Shellshock: Security Software Bug

Shellshock: You Need To Know About This Security Software Bug
Shellshock: Security Software Bug

Shellshock

You Need to Know about this Security Software Bug

Shellshock, also known as Bashdoor, is a family of security software bugs in the Unix Bash shell. Many Internet-facing services use Bash to process certain requests, allowing an attacker to cause vulnerable versions of Bash to execute arbitrary commands. This can allow an attacker to gain unauthorized access to a computer system.

Attackers exploited Shellshock within hours of the initial disclosure by creating botnets on compromised computers to perform distributed denial-of-service attacks and vulnerability scanning. Millions of attacks and probes related to the bug were recorded by security companies in the days following the disclosure.

Shellshock could potentially be used to compromise millions of unpatched servers and other systems. Thus, it has been compared to the Heartbleed bug in its severity.

Apple Inc. commented that OS X systems are safe by default, unless users configure advanced UNIX services. Such advanced users are typically capable of turning the services off until a patch built using Xcode can be implemented.

Within an hour of the announcement of the Bash vulnerability, there were reports of machines being compromised by the bug, and botnets based on computers compromised with exploits based on the bug were being used by attackers for distributed denial-of-service (DDoS) attacks and vulnerability scanning.

On 26 September 2014, the security firm Incapsula noted 17,400 attacks on more than 1,800 web domains, originating from 400 unique IP addresses, in the previous 24 hours. It’s said that 55% of the attacks were coming from China and the United States. By 30 September, the website performance firm CloudFlare said it was tracking approximately 1.5 million attacks and probes per day related to the bug. On 6 October, it was reported that Yahoo! servers had been compromised in an attack related to the Shellshock issue.

With the disclosure of the bash vulnerabilities, the information security community was thrown into a bit of a tizzy. Actually, most organizations have devices running on a *nix platform, and utilize the bash shell and are vulnerable.

­See also:

Shellshock: You Need To Know About This Security Software Bug

Shellshock: You Need To Know About This Security Software Bug

Click to add a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Apps: Security

More in Apps: Security

  • Mobile Payment Technologies

    Mobile Payment Technologies (MPT) Smart devices are rapidly becoming the wallet of the future, and mobile payments...

  • President Putin Prohibits VPN and Anonymizers

    Putin and VPN: President Putin’s Whipping the Waves Russian President Vladimir Putin has signed a law prohibiting...

  • ORWL: Little Samurai

    ORWL: Little Samurai Samurai were famous for their loyalty: these warriors died protecting their lord and if...

  • Vaccine from the New Ransomware

    Symantec Discovered a ‘Vaccine’ from the New Ransomware On Tuesday organizations across the world suffered just another...

  • Quantum Networks For All

    Quantum Networks For All The recent outbreak of WannaCry ransom malware brought up a lot of issues....

  • Schedule PC Shut-Down

    How to Schedule the PC Shut-Down with Third Party Programs PCs still lack the most needful tool...

  • Backup – Your Password to Safety

    Backup – Your Password to Safety The WannaCry ransomware caused a lot of troubles to public organizations...

  • Blockchain

    Blockchain What is Blockchain and could it really reverse the course of civilization, according to zdnet.com Website...

  • Weaponized USB Stick – Destroy Them All!

    Weaponized USB Stick – Destroy Them All! Researchers have developed new technology that can prevent stolen electronics...

©2017 iGotOffer.com. All Rights Reserved. iGotOffer.com is not affiliated with the manufacturers of the items available for trade-in. iGotOffer.com is trademarks of Best Video Studio LLC, registered in the U.S. All other trademarks, logos and brands are the property of their respective owners.