bash computer bug could hit millions
Last Updated : GMT 06:49:16
Arab Today, arab today
Arab Today, arab today
Last Updated : GMT 06:49:16
Arab Today, arab today

'Bash' computer bug could hit millions

Arab Today, arab today

Arab Today, arab today 'Bash' computer bug could hit millions

Unix-based operating systems powered by Linux and Apple's Mac OS
Washington - AFP

The US government and technology experts warned Thursday of a vulnerability in some computer-operating systems, including Apple's Mac OS, which could allow widespread and serious attacks by hackers.
The flaw affects "Unix-based operating systems" powered by Linux and Apple's Mac OS, said the warning from the US Computer Emergency Readiness Team (CERT), part of the Department of Homeland Security.
CERT said that if hackers exploit this they could take control of a PC: "Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code on an affected system."
The agency said a patch was available for the flaw, which is described by security researchers as "Bash" or "Shellshock."
Some said the security hole would be more damaging than the "Heartbleed" bug which affected millions of computers worldwide earlier this year.
- 'Bigger than Heartbleed' -
"This is going to be much bigger than Heartbleed," said Rahul Kashyap, chief security architect at Bromium Labs, a California-based security firm.
Kashyap said the Bash bug could affect millions of devices, from Web servers to Macintosh computers to webcams and other devices which connect to the Internet using open-source operating systems based on Linux.
Because the software is so prevalent, "it means attackers can get into your house, your home routers," Kashyap told AFP.
"They could deface a lot of websites on the fly. A lot of damage can be done, and it's a very simple code."
Even though no exploit of the flaw was seen in the first hours since the vulnerability was made public, Kashyap said he expected "a huge impact in the next few days."
Independent security consultant Graham Cluley agreed that if hackers create a worm that exploits the flaw, "it would, without question, make the Bash bug a more serious threat than the Heartbleed OpenSSL bug that impacted many systems earlier this year."
While Heartbleed allowed unauthorized parties to spy on computers, "the Shellshock Bash bug allows attackers to hijack computers, and use them for their own purposes," Cluley said in a blog post.
- 'Staggering' potential -
Gavin Millard at the security firm Tenable also expressed concern on the extent of the flaw.
"The potential for attackers utilizing Shellshock is huge," he said.
"With millions of Unix and Linux servers being vulnerable and running web services that hackers can connect to, the attack surface is staggering," he wrote in a blog post.
Johannes Ullrich at the SANS Internet Storm Center said the patch for the flaw "is incomplete" and that people using affected systems "should try to implement additional measures" which could include beefed-up firewalls or other software changes.
Eugene Kaspersky, who heads the Kaspersky Lab security group, said in a tweet that the flaw is serious.
The Bash bug "is BAD, expect a lot of exploits and hacked websites to be disclosed in the coming weeks," he wrote.
Researcher Robert Graham of Errata Security said that unlike Heartbleed, this bug "has been around for a long, long time. That means there are lots of old devices on the network vulnerable to this bug."
The computer security firm Symantec said it "regards this vulnerability as critical, since Bash is widely used in Linux and Unix operating systems running on Internet-connected computers, such as Web servers."
Symantec added in a statement: "Businesses, in particular website owners, are most at risk from this bug and should be aware that its exploitation may allow access to their data and provide attackers with a foothold on their network."
The news comes months after a panic among some security experts over Heartbleed, a flaw in a commonly used online platform for encrypted communications.
Internet users were advised to change passwords to online accounts or services, but only after checking to make sure the Heartbleed flaw was fixed and new certificates of online identity installed.
In the case of Bash, Kashyap said that users of computers and other devices should look to patch their systems quickly when updates become available but also cautioned to "watch out for scams, which could be fake updates" to install malware.

arabstoday
arabstoday

Name *

E-mail *

Comment Title*

Comment *

: Characters Left

Mandatory *

Terms of use

Publishing Terms: Not to offend the author, or to persons or sanctities or attacking religions or divine self. And stay away from sectarian and racial incitement and insults.

I agree with the Terms of Use

Security Code*

bash computer bug could hit millions bash computer bug could hit millions

 



Name *

E-mail *

Comment Title*

Comment *

: Characters Left

Mandatory *

Terms of use

Publishing Terms: Not to offend the author, or to persons or sanctities or attacking religions or divine self. And stay away from sectarian and racial incitement and insults.

I agree with the Terms of Use

Security Code*

bash computer bug could hit millions bash computer bug could hit millions

 



GMT 06:49 2012 Saturday ,01 September

Lamitta Frangieh on her \'Facebook Romance\'

GMT 08:26 2017 Wednesday ,08 February

Qatar spending $500m a week on World Cup projects

GMT 17:00 2017 Tuesday ,27 June

Saudi Arabia rebuts fake news on Turkey, Israel

GMT 10:31 2016 Monday ,12 December

Second Sydney airport cleared for take off

GMT 05:27 2017 Sunday ,16 April

GIB Capital wins 4 EMEA Finance Awards

GMT 13:58 2016 Friday ,30 December

Australia beat Pakistan to win Test series

GMT 10:07 2017 Monday ,17 April

Mark Hamill would like to play George Lucas

GMT 12:10 2016 Tuesday ,13 December

Over 30 dead as Kenya tanker crashes, explodes

GMT 02:13 2017 Monday ,25 September

December22nd-January20th

GMT 15:39 2017 Tuesday ,03 October

Bangladesh rescues 20 Rohingya held by racket gang

GMT 02:51 2017 Friday ,10 November

Under siege, Syria doctors forced to improvise care
Arab Today, arab today
 
 Arab Today Facebook,arab today facebook  Arab Today Twitter,arab today twitter Arab Today Rss,arab today rss  Arab Today Youtube,arab today youtube  Arab Today Youtube,arab today youtube

Maintained and developed by Arabs Today Group SAL.
All rights reserved to Arab Today Media Group 2021 ©

Maintained and developed by Arabs Today Group SAL.
All rights reserved to Arab Today Media Group 2021 ©

arabstoday arabstoday arabstoday arabstoday
arabstoday arabstoday arabstoday
arabstoday
بناية النخيل - رأس النبع _ خلف السفارة الفرنسية _بيروت - لبنان
arabstoday, Arabstoday, Arabstoday