Numerous researchers are touting it as the biggest security threat yet, ‘bigger than Heartbleed’, and it looms over every computer user. The security flaw, called the ‘Bash bug’, ‘Shellshock’, or simply ‘Bash’, reportedly sits in one of the most fundamental interfaces powering the Internet: the command-line shell used in many operating systems. It has exposed websites and devices running on these systems to attack.
The interface in question is the command-line shell used to access the operating system, much like Command Prompt. This means that countless Linux and Unix systems, along with a few BSD systems, including Apple’s OS X, are susceptible at this point.
Compounding the concern is the pervasive nature of the bug: a large percentage of software is in constant interaction with the shell, so the bug can be used to break into software in a variety of ways.
Experts suggest that it will take webmasters and system administrators years to fix this bug.
Security firm Rapid7 has rated the bug 10/10 for ‘severity’ but low for ‘complexity’, as hackers can exploit it with merely three lines of code.
Speaking about the bug, Darien Kindlund, Director of Threat Research at FireEye, said, “It’s worse than Heartbleed, in that it affects servers that help manage huge volumes of internet traffic. Conservatively, the impact is anywhere from 20 to 50 per cent of global servers supporting web pages. Specifically, this issue affects web servers using GNU BASH to process traffic from the Internet. In addition, this bug covers almost all CGI-based web servers, which are generally older systems on the Internet.”
On the other hand, leading security expert Robert Graham opined that devices such as video cameras are particularly in danger because a vast percentage of their software is built from web-enabled bash scripts.
Like the older systems, which may be difficult to patch once affected, these devices are far less likely to be patched, and they carry the added risk of their vulnerability being laid bare for the outside world to see.