In somewhat of a repeat of the story of the “Heartbleed” bug where a vulnerability that had existed for two years before researchers discovered it and patched it, a new online security problem has just been discovered. It is a bug that is called Shellshock that affects software called Bash which is an acronym for Bourne-Again Shell which is part of the operating systems of millions of computers and other devices now part of what we call the Internet of Things, such as refrigerators or even your car. While the Heartbleed bug was bad enough in that it jeopardized your passwords and credit cards, Shellshock has the potential to be much worse in that a hacker could actually use it to take over millions of computers, home security systems, routers, Macintosh computers and smartphones using the Android operating system, such as the Samsung Galaxy and other devices that use the affected operating systems. To make things worse, while Heartbleed went undiscovered for two years, the Shellshock flaw went undetected for twenty years.
When the flaw was discovered by researcher Stephane Chazelas, security experts immediately went to work to remedy the problem and although it is not completely fixed, the Department of Homeland Security issued an alert earlier this week with links to the security patches that have now been developed. This threat is a very serious one. The Department of Homeland Security has ranked the problem as a 10, which is its most serious classification for a security vulnerability. Complicating it further, the Department of Homeland Security ranks the complexity of the bug as a 1, which means even unsophisticated hackers can easily exploit this problem.
This is a problem that I will be monitoring a great deal and you should check with Scamicide on a daily basis to get the latest information you need to safely use all of your Internet connected devices. For now, I urge you to check out the Department of Homeland Security’s latest alert with links to the now available security patches. If any of your devices use the Linux/UNIX operating system or the Apple Mac OS X, you should be particularly vigilant in making sure your devices are secure. Here is a link to the Department of Homeland Security’s latest alert: https://www.us-cert.gov/ncas/alerts/TA14-268A