Apparently, the internet has more deep-seated security bugs to worry about than Heartbleed. Researchers have discovered a longstanding flaw in a common Unix command shell (bash) for Linux and Macs that lets attackers run any code they want as soon as the shell starts running. They can effectively get control of any networked device that runs bash, even if there are limits on the commands remote users can try. That's a big problem when a large chunk of the internet relies on the shell for everyday tasks -- many web servers will call on it when they're running scripts, for example.
...for example, here is the bash bug in action on Mac OS X pic.twitter.com/nfDCUdRnb5
- Robert Graham (@ErrataRob) September 24, 2014

There are already patches for multiple Linux variants (CentOS, Debian, Red Hat), and big internet services like Akamai have already taken action. However, the age and sheer ubiquity of the flaw mean that there are some older servers and other internet-connected devices that won't (and in some cases, can't) be fixed. In other words, there's a chance that everything from poorly maintained websites to your home security camera will remain vulnerable. Some devices will be protected, however, as security researcher Paul McMillan notes that many embedded devices "use BusyBox, which is not vulnerable." It's unlikely that hackers will breach many of the major sites you visit thanks to their quick responses to the flaw, and many of your existing gadgets are probably safe. Having said this, it's hard to know exactly how far-reaching the damage may be -- it could take years before there's no longer a significant threat.
[Image credit: Robert Graham, Twitter]
Source: Red Hat Security Blog, Debian.org, US-CERT
More Coverage: Errata Security, ZDNet, Reuters, Troy Hunt
Tags: bash, commandline, exploit, internet, linux, mac, osx, security, shell, shellshock, unix, web