Jump to content

BASH : Deadly Serious Bug Bigger than 'Heart bleed' bug

Tech_Dreamer
By Tech_Dreamer
in Tech News
 Share
Posted

 "The Door's Wide Open.."

 

cybersecurity-620x310.jpg

 

 

A "deadly serious" bug potentially affecting hundreds of millions of computers, servers and devices has been discovered. With this flaw, criminals can potentially break computers or steal private and government information.

 

More than 500 million computers could be affected, early estimates suggest,  According to open source software company Red Hat it affects any device that uses the operating system Linux ,which includes everything from calculators to cars. But it also affects Apple Macs and some Android, Windows and IBM machines

 

 

"The bug, dubbed Shellshock, can be used to remotely take control of almost any system using Bash.. Whereas something like Heartbleed was all about sniffing what was going on, this was about giving you direct access to the system"

 

 

The problem extends to lots of Internet-connected computers located anywhere -- from shops to hospitals to schools.

 

     The flaw has been found in a software component known as Bash, Bash : AKA Bourne-Again SHell , Which is a part of many Linux systems as well as Apple's Mac operating system. it is a command prompt on many Unix computers. Unix is an operating system on which many others are built, such as Linux and Mac OS. Experts said it was more serious than the Heatbleed Bug

 

The bug was discovered by Stephane Chazelas, a French IT manager working for a software maker in Scotland.

 

 

Here's How the Bug Works..  (Robert Graham)

 

The problem stems from a flaw in the "bash," a type of computer program called a shell. A shell translates commands from you to a device's operating system. Think of it as an efficient middleman. Lots of Internet connected devices use the bash shell to run commands, like "turn on" and "turn off." Generally, a device that communicates using a bash shell also looks for extra information, like what browser or device you're using.

And that's where the problem lies. If a hacker slips bad code into this extra data, they can sneak past a device's safeguards.

 

Even a simple element such as a "smart" Internet-connected lightbulb then suddenly becomes a launchpad to hack everything else behind your network firewall, That could be your home computer, or a retailer's payment terminals, or a government office's sensitive database of information.

 

 

 

 

"Whereas something like Heartbleed was all about sniffing what was going on, this was about giving you direct access to the system,"

                                                                                                                    -  Prof Alan Woodward

 

 

Some 500,000 machines worldwide were thought to have been vulnerable to Heartbleed. But early estimates, which experts said were conservative, suggest that Shellshock could hit at least 500 million machines.

 

The problem is particularly serious given that many web servers are run using the Apache system, software which includes the Bash component.The US Computer Emergency Readiness Team (US-Cert) issued a warning about the bug,Urging system administrators to start patching.

 

However, other security researchers warned that the patches were "incomplete" and would not fully secure systems. Of particular concern to security experts is the simplicity of carrying out attacks that make use of the bug. Cybersecurity specialists Rapid7 rated the Bash bug as 10 out of 10 for severity, but "low" on complexity - a relatively easy vulnerability for hackers to capitalise on.

 

 

"Using this vulnerability, attackers can potentially take over the operating system, access confidential information, make changes, et cetera," said Tod Beardsley, a Rapid7 engineer.

"Anybody with systems using Bash needs to deploy the patch immediately."

 

 

 

 

For general home users, Prof Woodward suggested simply keeping an eye on manufacturer websites for updates - particularly for hardware such as broadband routers.

 

 

Link : (News Courtesy -BBC , CNN news)

 

https://www.us-cert.gov/ncas/current-activity/2014/09/24/Bourne-Again-Shell-Bash-Remote-Code-Execution-Vulnerability

http://www.bbc.com/news/technology-29361794

http://money.cnn.com/2014/09/24/technology/security/bash-bug/index.html

 

 

 

That's shit load of mess , Post your comments & thoughts down below..

Details separate people.

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

So.. On a scale from 1 to 10, how worried should I be?

CPU: i9-13900k MOBO: Asus Strix Z790-E RAM: 64GB GSkill  CPU Cooler: Corsair H170i

GPU: Asus Strix RTX-4090 Case: Fractal Torrent PSU: Corsair HX-1000i Storage: 2TB Samsung 990 Pro

 

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

Repost. With the sensationalist headline I predicted. 

muh specs 

Gaming and HTPC (reparations)- ASUS 1080, MSI X99A SLI Plus, 5820k- 4.5GHz @ 1.25v, asetek based 360mm AIO, RM 1000x, 16GB memory, 750D with front USB 2.0 replaced with 3.0  ports, 2 250GB 850 EVOs in Raid 0 (why not, only has games on it), some hard drives

Screens- Acer preditor XB241H (1080p, 144Hz Gsync), LG 1080p ultrawide, (all mounted) directly wired to TV in other room

Stuff- k70 with reds, steel series rival, g13, full desk covering mouse mat

All parts black

Workstation(desk)- 3770k, 970 reference, 16GB of some crucial memory, a motherboard of some kind I don't remember, Micomsoft SC-512N1-L/DVI, CM Storm Trooper (It's got a handle, can you handle that?), 240mm Asetek based AIO, Crucial M550 256GB (upgrade soon), some hard drives, disc drives, and hot swap bays

Screens- 3  ASUS VN248H-P IPS 1080p screens mounted on a stand, some old tv on the wall above it. 

Stuff- Epicgear defiant (solderless swappable switches), g600, moutned mic and other stuff. 

Laptop docking area- 2 1440p korean monitors mounted, one AHVA matte, one samsung PLS gloss (very annoying, yes). Trashy Razer blackwidow chroma...I mean like the J key doesn't click anymore. I got a model M i use on it to, but its time for a new keyboard. Some edgy Utechsmart mouse similar to g600. Hooked to laptop dock for both of my dell precision laptops. (not only docking area)

Shelf- i7-2600 non-k (has vt-d), 380t, some ASUS sandy itx board, intel quad nic. Currently hosts shared files, setting up as pfsense box in VM. Also acts as spare gaming PC with a 580 or whatever someone brings. Hooked into laptop dock area via usb switch

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
  • Author

Repost:http://linustechtips.com/main/topic/221885-very-compromising-bug-found-in-bash-utility/ and It was patched on 99% of Linux systems if you update so OS X is probably the only one really effected.

 

 

This is the fourth post on BASH I've seen

 

 

Repost. With the sensationalist headline I predicted. 

 

 

Reported :P , The thread will be removed soon, Thanks for the heads up peeps, ;)

Details separate people.

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

Repost. With the sensationalist headline I predicted. 

be glad i didnt make a thread on this then lol, you guys know how wild mine are

cpu: intel i5 4670k @ 4.5ghz Ram: G skill ares 2x4gb 2166mhz cl10 Gpu: GTX 680 liquid cooled cpu cooler: Raijintek ereboss Mobo: gigabyte z87x ud5h psu: cm gx650 bronze Case: Zalman Z9 plus


Listen if you care.

Cpu: intel i7 4770k @ 4.2ghz Ram: G skill  ripjaws 2x4gb Gpu: nvidia gtx 970 cpu cooler: akasa venom voodoo Mobo: G1.Sniper Z6 Psu: XFX proseries 650w Case: Zalman H1

Link to comment
Share on other sites
Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing Tech News

×