• IT Support Provider letting you down?

    There is a better way...

    Request a Quote
  • Is your head in The Cloud? Let us guide you through the Virtualisation maze...

    Call us on 01268 575300 for more information

    Request a Quote
  • Due for an IT systems upgrade or rethink? We can offer solutions for every budget.

    Call us on 01268 575300 to find out more

    Request a Quote

Shellshock: the latest major computer bug

Businesswoman with stress related headacheThe discovery of a major new computer bug was announced yesterday, which has the potential to affect Mac and Linux users.

Shellshock has been described as a “deadly serious” bug, and “about as bad as it gets”. It has the potential to affect hundreds of millions of computers, servers and devices. It can be used to easily take remote control of almost any system using a software component called Bash.

Bash stands for Bourne-Again Shell. It is a command prompt on many Unix computers. Unix is part of many operating systems, including Linux systems and Apple’s Mac operating system, and a flaw in the software component has left users vulnerable to this bug. It allows hackers to send commands to a computer without having admin status of that computer. If exploited, it will give remote attackers direct access to people’s computers. In the words of a security researcher at the University of Surrey, “the door’s wide open”.

Early estimates have suggested that more than 500 million computers could be affected by Shellshock, which would make it far more serious than Heartbleed, which was discovered in April and affected around 500,000 machines. These early estimates are said to be conservative, so many more people could be affected. Many web servers are run using the Apache system, which also includes the Bash component, so there is the potential for a very large number of people to be affected.

Patches are available from the US Computer Emergency Readiness Team (US-Cert), who issued a warning about the bug. The patches are available here, but security researchers have already warned that they are incomplete and would not leave systems fully secure. Experts have warned it could take years to fix properly, as it affects a piece of code which is used across lots of systems.

If you have concerns about how your business might be affected by Shellshock, Heartbleed or any other bugs, please give ECL a call on 01268 575300 or visit our website.

No comments :

Post a Comment