Is the Shellshock Bash Bug Worse than the Heartbleed Bug?
Another day another Internet vulnerability. This time it has been christened Shellshock or the Bash Bug and affects many systems especially Internet Servers. It was found by industry experts in the last few days and some say that it is worse than Heartbleed.
I think it’s too early to say but the following is a summary of what I have learned so far. This software bug has been around for a long time, over twenty years in fact. As with Heartbleed it is not a virus per say but in this case it does have the potential to allow malicious hackers to inject viruses onto servers. The range of bad things that can be done to a server has not been fully assessed. Using this weakness, hackers can fool systems into running unwanted commands. For example it could be used to display the contents of a security file. The bug was noticed in a module of program code called Bash that is extensively found in computers that use the Linux, UNIX and OS X operating systems. It does a similar job as the command prompt in Windows. Many Internet systems that we interact with use Bash in the background. The major commercial Internet sites like Amazon have already patched their systems. Over the next few days we will get a better view of the full effects. Of course when news of a vulnerability is highlighted, in this case by Red Hat a long established Linux Support organisation there is a rush to fix the bug. Unfortunately it also gives the bad guys a heads up on where and how they can start attacking systems. The bug itself is not technically difficult to fix but due to the widespread use of Bash it is reckoned that there will unpatched systems for some time to come. From a user perspective they should make sure that their anti-virus software is up to date and it is advisable to check that any Internet providers they interact with have patched their systems.
If you are interested in a more technical description of the bug take a look at this link from Symantec http://www.symantec.com/connect/blogs/shellshock-all-you-need-know-about-bash-bug-vulnerability