Back in April, the Internet was shaken by the threat of Heartbleed, a bug that targeted OpenSSL encryption and leaked up to 64 KB of data at a time. Millions of users and businesses were affected by the bug, and 40 percent of Internet users actively changed their passwords when news of the vulnerability broke. Today there is a new threat: Shellshock, a Bash bug that leaves Mac and Linux users, Ubuntu, and other systems vulnerable to attack.
What Is the Bash Bug?
A computer's shell is a way for the user to send requests to or communicate with the computer, and Bash is actually an acronym for "Bourne Again Shell," named after the shell written by Stephen Bourne. It is a basic shell with some programs that help with compatibility. When there is a vulnerability, hackers can add extra code in the shell and make it do what they want.
A common metaphor used to describe this vulnerability is leaving your door open: someone can easily walk in and do what they want in your home. Another comparison used by bloggers and the media is having a hole in your shoe: water, dirt and gravel can all slip through and hurt your foot.
This Is Not a New Flaw
The reason bloggers use the open-door metaphor is that this vulnerability has been lurking in the shadows for years. Unfortunately, the recent disclosure of the bug and the subsequent media coverage have brought it to the attention of hackers everywhere. To continue the metaphor, it is as if a group of criminals had just discovered an entire neighborhood that never closes its doors.
Everyone is looking for examples of Shellshock attacks "in the wild", meaning attacks carried out to exploit systems rather than to test for the vulnerability. ZDNet has already reported finding malware that launched distributed denial of service (DDoS) attacks and tried common logins and passwords (admin, password, 12345, etc.) in an attempt to break in and steal data.
Who Will Be Affected by Shellshock
For years, Mac users have believed the (busted) myth that their systems never get viruses and are impervious to all malicious software and system attacks. This bug could change all that. Moreover, Bash is available on any Linux system and is a basic, common shell that is easy to use. Many non-Windows devices could be affected.
Security researcher Robert Graham told ZDNet that preliminary calculations could underestimate the vulnerability. DHCP systems are also vulnerable, as malware can worm its way past firewalls to infect other systems. "A key question is whether the Mac OS X and iPhone DHCP services are vulnerable - once the worm is behind a firewall and runs a hostile DHCP server, it would be 'game over' for large networks," he said.
That is why Shellshock is such a threat to technology. It is a common bug that can be easily exploited, and when it is, hundreds of millions of computers could be affected.
What this means for the Internet of Things
The National Institute of Standards and Technology's National Vulnerability Database rates Shellshock 10 out of 10 for the impact the bug might have on the Internet of Things and its operability.
This bug affects more than laptops or one particular device; it affects a whole range of computers that are connected to the Internet. It would be one thing if only Mac and iPhone users were hurt by Shellshock, but more than half a billion devices of different brands could be exposed. Routers, medical devices, and cell phones that use UNIX-based Web servers are vulnerable. It is not only a Mac problem; it is an Internet problem.
The main difference between Shellshock and Heartbleed is that this bug reaches your operating system, giving total control to an attacker who exploits the bug to access your computer. It goes much further than information theft.
How Long Before the Hole Is Patched?
Unfortunately, creating a fix for this bug is not an easy proposition. Heartbleed only affected a version of OpenSSL, but this hole is in any and all devices that use Bash. Developers cannot begin to estimate how long it will take to correct the bug until they have an idea of how many devices are actually vulnerable.
Apple announced that it was working quickly to create a Shellshock patch for its devices, and urged users not to worry. Some Linux vendors have released patches, and Ubuntu has changed from Bash to Dash. Dash is short for Debian Almquist Shell, which is a replacement command shell.
What Users Can Do
Users who are not familiar with bugs, much less coding and DDoS attacks, are often left wondering what they can do when something like this happens. While most users have to sit and wait for a fix, there are preliminary steps that all computer owners can take to make sure their devices are secure from other types of attacks that could result from Shellshock.
First, change your passwords. If you were one of the 40 percent who changed their passwords over Heartbleed six months ago, then it's time to change them again. If your password or passwords are easy to guess (such as admin and password123), then switch to something stronger. Hackers are already using this vulnerability to plant password-guessing malware, so change yours before your device is attacked.
Also, update your hardware and software immediately. It is tempting to dismiss the update window and install later, but different software vendors will be releasing patches in the coming days. Update your computer today and keep installing new updates as they arrive.
Finally, those who are tech savvy can follow the instructions provided by WonderHowTo to check whether or not their device is vulnerable.
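The script below is an added example of such a local check; it is not taken from this article or from WonderHowTo. It shows the behaviour described under "What Is the Bash Bug?": an affected Bash runs extra text placed after a function definition in an environment variable. The names check_shell, scan_shells and SHELLSHOCK_MARKER are made up for this example.

```shell
#!/bin/sh
# Local self-check for the Bash function-import flaw (Shellshock).
# It only runs shells already installed on this machine and makes
# no network connections.

# check_shell PATH -> prints "vulnerable", "not vulnerable" or "not found"
check_shell() {
    shell_path=$1
    [ -x "$shell_path" ] || { echo "not found"; return 0; }
    # An affected Bash treats the variable as a function definition and
    # keeps executing whatever follows the closing brace while starting up.
    # Here the trailing text is a harmless echo of a marker string.
    out=$(env -i probe='() { :;}; echo SHELLSHOCK_MARKER' \
          "$shell_path" -c 'echo ok' 2>/dev/null)
    case $out in
        *SHELLSHOCK_MARKER*) echo "vulnerable" ;;
        *)                   echo "not vulnerable" ;;
    esac
}

# scan_shells -> checks bash and sh from /etc/shells and from PATH.
# sh is included because on some systems it is Bash under another name.
scan_shells() {
    {
        [ -r /etc/shells ] && grep -E '^/.*/(r?bash|sh)$' /etc/shells
        command -v bash
        command -v sh
    } 2>/dev/null | sort -u | while IFS= read -r s; do
        printf '%s: %s\n' "$s" "$(check_shell "$s")"
    done
}

scan_shells
```

Any line reported as "vulnerable" means that binary still needs the vendor's Bash update; re-run the script after patching to confirm.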
In the coming days, more information about Shellshock will emerge. Some of it will be good, as developers create patches and determine exactly how many devices are affected. Other news will be bad, as hackers get ahead of developers and take advantage of the vulnerability before it can be fixed. It is up to users to protect their devices as best they can and hope the developers can fix the bug before the entire Internet of Things is affected.
Image via Flickr by Robbert van der Steeg