Tags: bash | bug | web-connected | devices

'Bash' Software Bug to Spread Havoc Via Web-Linked Devices?

By    |   Thursday, 25 Sep 2014 12:10 PM

The "Bash bug," a newly discovered security flaw in commonly used Linux software, could pose a bigger threat than the so-called "Heartbleed" bug and could invade a household through something as innocuous as a "smart" light bulb.

According to CNN, the flaw can affect the way many devices communicate over the Internet and could let someone hack every device in a house, business or government building.

Because the affected software is used in Internet-connected devices to run commands, like "turn on" and "turn off," an Internet-connected "smart" light bulb becomes a launchpad to hack everything else, cybersecurity expert Robert Graham told CNN, including a home computer, or a retailer's payment terminals, or a government database.

Urgent: Do You Approve Or Disapprove of President Obama's Job Performance? Vote Now in Urgent Poll

The bug found in the Linux Bash software prompted an alert issued by the Department of Homeland Security's United States Computer Emergency Readiness Team, noting the exposure affected Unix-based operating systems including Linux and Apple's Mac OS X, according to Reuters.

"Security experts say the bug is easier to exploit and is a greater threat than the Heartbleed bug that only allowed attackers to spy on computers, not to take complete control," reported ComputerWeekly.com.

"This means anyone exploiting the bug could access and potentially manipulate sensitive information on targeted Unix-based machines. This is of particular concern for enterprises, because a large proportion of enterprise servers are Unix-based," noted ComputerWeekly.com.

Tod Beardsley, an engineering manager at cybersecurity firm Rapid7, told Reuters that the bug was rated a "10" for severity and it was pretty easy for hackers to launch attacks.

"Using this vulnerability, attackers can potentially take over the operating system, access confidential information, make changes, et cetera," said Beardsley. "Anybody with systems using Bash needs to deploy the patch immediately."

Alan Woodward, of the University of Surrey, told ComputerWeekly.com that computers using Apache that run on Unix would be vulnerable to the bug, too.

"As we have just passed the point where there are one billion active websites – that means in excess of 500 million sites could be vulnerable to this security flaw, compared with only 500,000 for the Heartbleed bug," said Woodward.

Woodward told ComputerWeekly.com that while patches are being prepared, they are being done under the assumption and device owners are educating themselves on the new bug and the prevailing problem.

"It also does not reach the many other systems and devices that are potentially affected where Linux runs in the background, nearly always unknown to the owner, such as home Wi-Fi routers," said Woodward.

ZDNet.com reported that security researcher Robert Graham claimed that he found at least 3,000 systems vulnerable to the bug.

Urgent: Assess Your Heart Attack Risk in Minutes. Click Here.

© 2017 Newsmax. All rights reserved.

   
1Like our page
2Share
TheWire
The "Bash bug," a newly discovered security flaw in commonly used Linux software, could pose a bigger threat than the so-called "Heartbleed" bug and could invade a household through something as innocuous as a "smart" light bulb.
bash, bug, web-connected, devices
461
2014-10-25
Thursday, 25 Sep 2014 12:10 PM
Newsmax Inc.
 

Newsmax, Moneynews, Newsmax Health, and Independent. American. are registered trademarks of Newsmax Media, Inc. Newsmax TV, and Newsmax World are trademarks of Newsmax Media, Inc.

NEWSMAX.COM
America's News Page
© Newsmax Media, Inc.
All Rights Reserved