Friday, 26 September 2014

more worse than " Heart Bleed " - " Shellshock "

One more Bug or Flaw called " Shellshock " could be make more severe threat than " Heart Bleed " bug, which affected OpenSSL encryption software that is used in about 67% of web servers, and also many of consumers and business products.

Compared to Heart Bleed - Shellshock can bring severe threat than other, where Heart Bleed can only steal passwords and usernames but shellshock has potential to make control over server.

On Thursday, experts warned that Shellshock aka Bash can make more damage to the servers especially servers that run Unix, Linux  and Apple operating systems.

"Shellshock is just a piece of code, even a novice hacker can hack server by simply adding the piece if code in the bash software program, it is so easy, you don't need a Ph.D" says Nick Weaver, a security researcher at the International Computer Science Institute & UC Berkeley.

The malicious software can take control of an infected machine, launch DOS (denial-of-service) attacks to disrupt websites, and also scan for other vulnerable devices, including routers, said Kaspersky researcher David Jacoby. 

And there is no effect on the servers running windows operating systems because they won't run Bash Software.

How it Works?

Operating systems has a type of program called shell which runs commands like " open file " , " Delete file ". Shellshock modifies the lines  of code or append to it. So, one can trick Bash into running any command that I want. 

The most serious issues have already been fixed, and a complete fix is well underway.

By Applogic IT Solutions India Pvt Ltd

No comments:

Post a Comment