Beware of the Shellshock bug and its implications to your data

The new Shellshock bug is already causing ripples, despite being discovered recently. So, what really is Shellshock? Shellshock is the OS X and Linux Bash Bug that security researchers believe could be bigger than Heartbleed.

Earlier this year, the Heartbleed Bug was discovered which featured in news headlines around the world causing panic among many internet users because their personal information and data was at risk. Six months later, security researchers have uncovered another big flaw that they believe could cause a lot of internet fraud.

shellshock-bug

This bug, dubbed “shellshock” by security experts, affects the UNIX command shell, which is a major application in the computer systems.

This includes all machines running Linux or Mac OSX. “The command prompt” or “shell” is a software that allows the computer to interact with the outside (you) by interpreting the text. This vulnerability created affects the “Bash”, also known as shell, affects the systems software and other devices that use a subset of Linux such as cameras, smartlocks, storage and multimedia appliances.

The bug is a bit complicated and can only be described by technical and programming terminologies in the information and communication field. To be precise, the attacker is able to run a code by simply getting the basic information about the target computer. The computer can be protected by running a firewall and blocking external requests not initiated locally by the software already authorized to run. The IoT and servers devices are a different issue.

Computer users using Linux system or Mac OSX can open the terminal and run this code through their system “env x='() { :;}; echo vulnerable' bash -c ‘echo this is a test'” to help establish whether their systems are vulnerable or not. The attacker can load a malware on the system and delete files, activate cameras or steal private information, plus anything else that may be private and confidential a person.

Top security specialist with Microsoft, Troy Hunt, described the bug as, “Very widespread, very easily exploited and that it has a significant impact when an attacker has hold of it”. He further said the threat level has been reported to be on high-rise as it gets by. He reported via email to the National Institute of Standards and Technology. The bug is real, and all internet and computer users should be very cautious about it as they go about their daily duties.

Leave a Reply

Your email address will not be published. Required fields are marked *

five × 2 =