‘Shellshock’ internet bug has potential to wreak havoc

Hackers have begun exploiting the newly identified "Shellshock" computer bug, using fast-moving worm viruses to scan for vulnerable systems and then infect them.

Shellshock is the first major internet threat to emerge since the discovery in April of Heartbleed, which affected OpenSSL encryption software that is used in about two-thirds of all web servers, along with hundreds of technology products for consumers and businesses.

The latest bug has been compared to Heartbleed partly because the software at the heart of the Shellshock bug, known as Bash, is also widely used in web servers and other types of computer equipment.

The problem is unlikely to affect as many systems as Heartbleed because not all computers running Bash can be exploited, according to security experts. Still, they said Shellshock has the potential to wreak more havoc because it enables hackers to gain complete control of an infected machine, which could allow hackers to destroy data, shut down networks, or launch attacks on websites.

The Heartbleed bug only allowed them to steal data.

The industry is rushing to determine which systems can be remotely compromised by hackers, but there are currently no estimates on the number of vulnerable systems.

“We don’t actually know how widespread this is. This is probably one of the most difficult-to-measure bugs that has come along in years,” said Dan Kaminsky, a well-known expert on internet threats.

For an attack to be successful, a targeted system must be accessible via the internet and also running a second vulnerable set of code besides Bash, experts said.

“There is a lot of speculation out there as to what is vulnerable, but we just don’t have the answers,” said Marc Maiffret, chief technology officer of cybersecurity firm BeyondTrust. “This is going to unfold over the coming weeks and months.”

© Examiner Echo Group Limited