‘Deadly serious’ bug discovered September 25, 2014 - 15:23 AMT PanARMENIAN.Net - A "deadly serious" bug potentially affecting hundreds of millions of computers, servers and devices has been discovered, according to BBC News. The flaw has been found in a software component known as Bash, which is a part of many Linux systems as well as Apple's Mac operating system. The bug, dubbed Shellshock, can be used to remotely take control of almost any system using Bash, researchers said. Experts said it was more serious than the Heartbleed bug discovered in April. "Whereas something like Heartbleed was all about sniffing what was going on, this was about giving you direct access to the system," Prof Alan Woodward, a security researcher from the University of Surrey, told the BBC. "The door's wide open." Some 500,000 machines worldwide were thought to have been vulnerable to Heartbleed. But early estimates, which experts said were conservative, suggest that Shellshock could hit at least 500 million machines. The problem is particularly serious given that many web servers are run using the Apache system, software which includes the Bash component. Bash - which stands for Bourne-Again SHell - is a command prompt on many Unix computers. Unix is an operating system on which many others are built, such as Linux and Mac OS. The U.S. Computer Emergency Readiness Team (US-Cert) issued a warning about the bug, urging system administrators to apply patches. However, other security researchers warned that the patches were "incomplete" and would not fully secure systems. Of particular concern to security experts is the simplicity of carrying out attacks that make use of the bug. Cybersecurity specialists Rapid7 rated the Bash bug as 10 out of 10 for severity, but "low" on complexity - a relatively easy vulnerability for hackers to capitalize on. "Using this vulnerability, attackers can potentially take over the operating system, access confidential information, make changes, et cetera," said Tod Beardsley, a Rapid7 engineer. "Anybody with systems using Bash needs to deploy the patch immediately." For general home users, Prof Woodward suggested simply keeping an eye on manufacturer websites for updates - particularly for hardware such as broadband routers.  Top stories Yerevan will host the 2024 edition of the World Congress On Information Technology (WCIT). Rustam Badasyan said due to the lack of such regulation, the state budget is deprived of VAT revenues. Krisp’s smart noise suppression tech silences ambient sounds and isolates your voice for calls. Gurgen Khachatryan claimed that the "illegalities have been taking place in 2020."   Partner news Most popular in the section |  Latest news Czech-Armenian military cooperation discussed in Yerevan  A delegation led by the Director General for the Industrial Cooperation Division of the Ministry of Defence of the Czech Republic visited Armenia.U.S. welcomes efforts to define Armenia-Azerbaijan border The United States welcomes efforts to define the border between Armenia and Azerbaijan, says Vedant Patel.Biden honors resilience of Armenian people on April 24 U.S. President Joe Biden has issued a statement on the 109th anniversary of the Armenian Genocide.Ex-Karabakh leader moved to solitary confinement cell in Baku, his son says David Vardanyan is the son of former Karabakh leader Ruben Vardanyan who who is currently imprisoned in Azerbaijan. |
