TMCnet News

Shellshock: Bug that remained undetected for a quarter century [DNA : Daily News & Analysis (India)]
[September 30, 2014]


(DNA : Daily News & Analysis (India) Via Acquire Media NewsEdge) After Heartbleed, Shellshock is the second major blow to open source in the same year. The vulnerability, which has existed for over 25 years, affects Mac OS X, Linux and Unix systems and, if exploited properly, allows attackers to gain command-line access to the server or system.



Although a few conditions must be met for the bug to be exploited, a successful exploit could mean not only access to the machine but also access to the network through the machine.

"Shellshock could be notably more widespread than the infamous Heartbleed from earlier this year," said Raimund Genes, CTO, Trend Micro. "Heartbleed was very different in nature and behavior. With Shellshock the threats are much more severe."

"Since this situation has potential to escalate quickly, we are taking immediate preventative steps to help keep the public safe from this unprecedented vulnerability," said Eva Chen, CEO, Trend Micro. "We believe the most responsible course of action is for technology users to remain calm and apply the resources made available from Trend Micro, and others, to create a strong defensive front. By making our tools accessible free of charge to our customers, and beyond, we are trying to address this 'outbreak' to stop a possible epidemic before it can start."

HD Moore, chief research officer with security software maker Rapid7, said it could take weeks or even months to determine what impact the bug will have.


"At this point we don't know what we don't know, but we do expect to see additional exploit vectors surface as vendors and researchers start the assessment process for their products and services," Moore said in an email. "We are likely to see compromises as a result of this issue for years to come."

"There is a lot of speculation out there as to what is vulnerable, but we just don't have the answers," said Marc Maiffret, chief technology officer of cybersecurity firm BeyondTrust. "This is going to unfold over the coming weeks and months."

"We don't actually know how widespread this is. This is probably one of the most difficult-to-measure bugs that has come along in years," said Dan Kaminsky, a well-known expert on Internet threats.

"Check Point issued an IPS protection this morning to detect and block attempts to exploit the vulnerability. We recommend that all of our customers make the update immediately in order to secure their networks," said Dorit Dor, vice president of product at Check Point Software Technologies. "Shellshock leaves many systems vulnerable to attack, with a global impact that reaches far beyond any other network vulnerability."

Credit: Krishna Bahirwani

(c) 2014 DILIGENT MEDIA CORPORATION LTD. ALL RIGHTS RESERVED
