TECHNOLOGY
A newly discovered security bug in a widely used piece of Linux software, known as "Bash," could pose a bigger threat to computer users than the "Heartbleed" bug that surfaced in April, cyber experts warned on Wednesday.
Bash is the software used to control the command prompt on many Unix computers. Hackers can exploit a bug in Bash to take complete control of a targeted system, security experts said.
The Department of Homeland Security's United States Computer Emergency Readiness Team, or US-CERT, issued an alert saying the vulnerability affected Unix-based operating systems including Linux and Apple Inc's Mac OS X.
The "Heartbleed" bug allowed hackers to spy on computers but not take control of them, according to Dan Guido, chief executive of a cybersecurity firm Trail of Bits. "The method of exploiting this issue is also far simpler. You can just cut and paste a line of code and get good results."
Tod Beardsley, an engineering manager at cybersecurity firm Rapid7, warned the bug was rated a "10" for severity, meaning it has maximum impact, and rated "low" for complexity of exploitation, meaning it is relatively easy for hackers to launch attacks.
"Using this vulnerability, attackers can potentially take over the operating system, access confidential information, make changes, et cetera," Beardsley said. "Anybody with systems using Bash needs to deploy the patch immediately."
US-CERT advised computer users to obtain operating systems updates from software makers. It said that Linux providers including Red Hat Inc had already prepared them, but it did not mention an update for OS X. Apple representatives could not be reached.
Tavis Ormandy, a Google Inc security researcher, said via Twitter that the patches seemed "incomplete." Ormandy could not be reached to elaborate, but several security experts said a brief technical comment provided on Twitter raised concerns.
"That means some systems could be exploited even though they are patched," said Chris Wysopal, chief technology officer with security software maker Veracode.
He said corporate security teams had spent the day combing their networks to find vulnerable machines and patch them, and they would likely be taking other precautions to mitigate the potential for attacks in case the patches proved ineffective.
"Everybody is scrambling to patch all of their Internet-facing Linux machines. That is what we did at Veracode today," he said. "It could take a long time to get that done for very large organizations with complex networks."
"Heartbleed," discovered in April, is a bug in an open-source encryption software called OpenSSL. The bug put the data of millions of people at risk as OpenSSL is used in about two-thirds of all websites. It also forced dozens of technology companies to issue security patches for hundreds of products that use OpenSSL.
Bash is a shell, or command prompt software, produced by the non-profit Free Software Foundation. Officials with that group could not be reached for comment.
Prayagraj sees unprecedented crowds, traffic jams leave devotees without food, water amid Mahakumbh
Tirupati Laddu Prasadam row: CBI arrests four people in ghee adulteration case
JEE Mains 2025 Result: NTA JEE Session 1 result to be declared on..., know how to download scorecard
Donald Trump reveals BIG plan, says committed to 'buy and own' Gaza, allow others to...
Radhika Merchant dances her heart out at her friend's wedding to 'Anarkali Disco Chali', Watch
Did Lionel Messi’s son Thiago score 11 goals in single match for Inter Miami? Here's the truth
India vs England: Rohit Sharma goes past Chris Gayle in all-time ODI list led by Shahid Afridi
Ed Sheeran BREAKS silence after Bengaluru cops stop his street performance: 'It wasn't just...'
India gains, Pakistan struggles: Forex reserves rise to Rs 55300044 crore, Pak's decline continues
IND vs ENG: Rohit Sharma returns to form before Champions Trophy, slams 32nd ODI century vs England
'Mummy daantegi...': Little boy screams as tiger pulls his shirt at zoo, WATCH viral video
Manipur CM N Biren resigns nearly two years after ethnic violence in state
Viral Video: Women travel in train toilet to Maha Kumbh, internet says "Is this a joke?
Vicky Jain's 'bizarre' comment leaves wife Ankita fuming with anger, netizens declare him 'red flag'
Bengaluru cops stop Ed Sheeran's street performance, video goes viral - Watch
Viral video: Lion spotted on moving jeep? Here’s the truth
YouTuber Gaurav Taneja reveals he was 'shocked' over his wife's decision to...
Teddy Day 2025: Date, history and significance of the fourth day of Valentine’s week
'Sugar is the biggest toxin...': Naga Chaitanya calls sugar more toxic than alcohol and tobacco
‘Over for Blinkit, Zepto’, this startup claims ‘delivering humans’ in 10 minutes, shocks netizens
Pratik Gandhi on his struggles, managing job with acting: 'Chaar gante sona luxury tha' | Exclusive
Why did Kumar Vishwas' wife cry after Manish Sisodia lost Delhi Elections: 'Not always power...'
'Fast and Furious' cars collision creates a Rohit Shetty scene on Indian road, viral video
'Go to the room, cry...': Salman Khan's wisdom on love, breakup is all you need this Valentine's Day
Parvesh Verma, BJP leader who defeated Arvind Kejriwal, makes BIG claim, says, 'we have to do...'
Sumona Chakravarti on joining Kapil Sharma show: 'Went from Ram Kapoor's sister to...'
Is Elon Musk still interested in buying TikTok? Tesla CEO provides BIG update, claims...
Groom's mother and mama join hands to burn the dance floor down, viral video sets internet on fire
What is historic 'Blue Gold', costlier than real gold?
Salman Khan opens up about his daddy issues with Salim Khan: 'How can he be right all the time...'
Powerful 7.6 magnitude earthquake jolts Caribbean, tsunami advisory issued
Salman Khan supports Sooaj Barjatya, pens note on his OTT debut, calls his show Bada Naam Karenge...
Little girl's energetic dance to 'London Thumakda' leaves netizens in awe, WATCH viral video
Meet man who left IIT, later earned Rs 286 crore in just 20 weeks by...
Viral Video: Sadhus playing cricket at Mahakumbh mela wins hearts online, watch
Happy Chocolate Day 2025: Wishes, WhatsApp messages, quotes to share with your partner on February 9
Meet woman, who plays key role in Rs 33661 crore company, daughter of billionaire
Vicky Kaushal and Akshaye Khanna didn't talk to each other on the Chhaava sets because...
Nita Ambani, Nick Jonas share candid moments at Siddharth Chopra's wedding, WATCH viral video
UPSC Civil Services Prelims Exam 2025 registration date extended by 7 days; apply at upsc.gov.in
'Fight for progress of Delhi will continue', says LoP Rahul Gandhi after Congress's Delhi debacle