This new bug is even bigger and even more serious than the ‘Heartbleed’ bug that we saw in April this year. Its severity has been rated a ten out of ten, yet its said to be fairly basic in terms of complexity: hackers can exploit it using merely three lines of code.
Unlike ‘Heartbleed’, however, a password-changing panic will not solve your problem. This new bug is simply another method that will help hackers to access your personal and confidential data.
What is the bug?
The Shellshock Bash Bug is a bug that exploits Bash; its a mistake in Bash’s code. Bash is a type of software that is present mainly in non-Windows operating systems, including Unix, Linux and Mac OS X, although its potential threat to Mac software has not yet been fully discovered. The bug will allow hackers to execute commands on these systems without any need for authentication. Security researchers say that it’s likely that the bug has been present for at least ten years and will remain until webmasters and administrators are able to find a way around it.
Unfortunately, there is very little that the average web user can do to protect themselves.
What does it affect?
This newly discovered bug has the potential to affect servers hosting websites or applications running on Linux based systems. It may also affect many devices in our homes or businesses that run the Bash software, if it has a connection to the internet.
Each device that we connect to the internet has the potential to be affected by Shellshock.
Should I worry about my business being affected?
In short, yes. If you operate any non-Windows systems you are at risk. It’s important that you don’t input any credit card details until sufficient actions have been implemented to protect your systems. It would also be wise to take extra caution if handling any confidential information about your business, as hackers could have the power to view and access this information.
You should also be incredibly cautious when dealing with client information as hackers may be able to access this, too.
How can I protect my business?
The most straightforward way to protect your business from the bug is by ‘patching’ your systems, especially if you’re hosting a website that runs an affected operating system. You should also ensure that all anti-virus software is kept as up to date as possible and that you do not follow any links that you do not recognise and trust.
Where possible, you should also look to your application firewalls to help prevent any attacks from hackers. The one step that everyone should undertake, and the one requiring the least effort, is ensuring that your systems are all updated with the latest version of Bash.
Teams worldwide are working to develop secure methods of protection against the Shellshock Bash Bug for all vulnerable systems.
Until then the most important thing to do is to be extra cautious with data until fixes for this bug have been discovered.
[Photo Credit: thedescrier ]