Meet Bash: the new bug that’s apparently worse than Heartbleed


Just when we thought it was all over, there’s a new bug in virtual town, and it’s called Bash bug.

A few months ago the web was up in arms about security concerns regarding the notorious Heartbleed bug. The encryption bug compromised OpenSSL, which meant that a lot of websites were forced to restructure their security in order to protect sensitive user information.

The security flaw is said to be inherent to a computer’s shell, which is the user interface for accessing an operating system’s services, like Command Prompt. This means that both PCs and Macs are vulnerable.

A blog post by Robert Graham from the research firm Errata Security suggests that, similar to Heartbleed, Bash bug (also carrying the alias Shellshock) is dangerous because it “interacts with software in a number of different ways” and that an “enormous percentage of software interacts with the shell in some fashion.” He also tweeted that it’s potentially worse than Heartbleed.

Graham suggests that while modern web servers and the like will likely get patched, outdated systems might not:

“Internet of things devices like video cameras are especially vulnerable because a lot of their software is built from web-enabled bash scripts. Thus, not only are they less likely to be patched, they are more likely to expose the vulnerability to the outside world.”

Graham does reassure us saying that while your primary servers are likely not affected by Bash bug, everything else probably is. “Scan your network for things like Telnet, FTP, and old versions of Apache (masscan is extremely useful for this). Anything that responds is probably an old device needing a bash patch. And, since most of them can’t be patched, you are likely screwed.”


