Sunday, 24 Nov, 2024

Tech

Shellshock new threat for Mac, Linux

ICT Desk |
Update: 2014-09-26 10:35:00
Shellshock new threat for Mac, Linux

DHAKA: A new, devastating bug could be waging war on your computer.

The U.S. Department of Homeland Security's cybersecurity team issued a warning against the Shellshock bug Wednesday, reports the NY Daily News.

It said that Shellshock -- rated a 10 out of 10 on the U.S. National Vulnerability Database's severity scale -- attacks Bash, a piece of software frequently used on Linux and Mac computers.

The serious bug has been dubbed bigger than Heartbleed, which left millions of computer's sensitive data vulnerable to hackers.

WHAT IS BASH?

Bourne Again Shell, frequently called Bash, is a piece of software in many Unix-based operating systems, including Linux and Apple's OS X. It's a shell, a type of program that lets users command their computers.

Bash allows users to run actions on their computers — a few codes and words typed in can launch other programs or enable features. It's largely used by programmers.

WHAT IS SHELLSHOCK?

Shellshock is a hole in Bash that, when carefully accessed, lets an outsider's code be processed and executed on a user's computer.

Linux specialist Stephane Schazelas discovered the bug this week, but it's likely existed in the system for at least 20 years.

HOW CAN HACKERS EXPLOIT SHELLSHOCK?

An attacker could use the hole to insert code into a victim's computer, running commands and prompting the machine into action. That means an outsider could control a computer remotely. The attacker could access files, copy and delete data, and run programs.

"Using this vulnerability, attackers can potentially take over the operating system, access confidential information, make changes, et cetera," Tod Beardsley, a manager at cybersecurity firm Rapid7, told Reuters.

HOW BAD IS IT?

Some cybersecurity experts called Shellshock a bigger bug than Heartbleed, a massive security flaw that allowed hackers to spy on computers.

Heartbleed opened up massive privacy concerns, but hackers could only spy on computers — not control them, Reuters explained. With Shellshock, information and files on a properly accessed computer could be manipulated, not just watched.

Shellshock is also worse than Heartbleed because it's so simple: an attacker could exploit the flaw with just three lines of code, Wired reported.

Plus, since the flaw has been around for more than two decades, there are a lot of computers susceptible to it.

"The number of systems needing to be patched, but which won't be, is much larger than Heartbleed," Cybersecurity guru Robert Graham wrote in a blog post.

HOW DO I KNOW IF MY COMPUTER IS AFFECTED?

All Mac computers run Bash, and many Linux operating systems do, too, putting both types of computer at risk.

But there's a quick test to figure out if your system is vulnerable, Ars Technica explained.

First, open Bash on your computer. On a Mac, open "Terminal."

Then, type this line of text into the shell: env x='() ; echo vulnerable' bash -c "echo this is a test"

Hit "enter" to run the command.

Your computer is safe if the command returns the text: "bash: warning: x: ignoring function definition attempt bash: error importing function definition for `x' this is a test"

If your output says, "vulnerable this is a test," you're at risk.

WHAT CAN I DO?

Many operating systems are working on updates to patch the bug, and the United States Computer Emergency Readiness Team urged users to update their computers as quickly as possible.

Four Linux vendors — CentOS, Debian, Redhat and Ubuntu — have already issued updates.

BDST: 2030 HRS, SEP 26, 2014

All rights reserved. Sale, redistribution or reproduction of information/photos/illustrations/video/audio contents on this website in any form without prior permission from banglanews24.com are strictly prohibited and liable to legal action.