
Just when you thought computer security couldn’t get any worse, it did. Much worse.
Remember the Heartbleed bug a few months ago? This new “Shellshock” bug is at least as widespread and, in many ways, even worse.
Web servers are responsible for presenting the information you see and read when browsing the Internet. Your web browser (Chrome, Firefox, Internet Explorer, Safari, etc.) is responsible for displaying the information retrieved from a web server.
The majority of web servers on the Internet run a variant of the UNIX operating system, including Linux. According to W3Techs Web Technology Surveys, 66.9% of all web servers are running a UNIX operating system variant, which includes the Apple OS X operating system.
This Shellshock vulnerability is specific to what is called the bash shell on these UNIX systems. Think of the bash shell as a command line interface for doing things without a mouse and graphics.
That alone is bad enough, but what makes this particularly troubling is that the Apache HTTP (web) server, which is what these systems use to serve up your cat videos and memes, uses the bash shell for processing certain commands.
That means that nearly 2/3 of all web servers are vulnerable to a hacker maliciously embedding code or taking over a web server. With that, the malicious hacker could load a virus, worm, or trojan on YOUR computer when you visit an affected website.
Uh-oh.
Let me make this worse for you. Not only could bad guys exploit this to infect you, they could exploit this to take over corporate networks, and possibly even your smartphone. That’s right, your smartphone.
Suddenly the Target and Home Depot hacks appear to be small-time operations.
And like the Target and Home Depot hacks, you are almost helpless. If you are a network or web administrator, immediately patch all of your systems. Right now.
If you aren’t a tech administrator, follow all of my basic rules on how to protect yourself from my article HERE.
And if you want a little more detailed reading on the Shellshock bug, take a look at the U.S. Department of Homeland Security National Cyber Awareness System report HERE.