Bigger than Heartbleed: Bash bug Threatens Internet Security


The Heartbleed bug, the major security vulnerability revealed in April, was introduced into OpenSSL more than two years ago, allowing random bits of memory to be retrieved from impacted servers. Security researcher Bruce Schneier called the flaw "catastrophic".

"On the scale of 1 to 10, this is an 11," he said, estimating that half a million websites were vulnerable. Tod Beardsley, an engineering manager at security firm Rapid7, said “even though the vulnerability's complexity was low, the wide range of devices affected require that system administrators apply patches immediately,”

He added "The affected software, Bash, is widely used so attackers can use this vulnerability to remotely execute a huge variety of devices and Web servers. Using this vulnerability, attackers can potentially take over the operating system, access confidential information, make changes etc. Anybody with systems using bash needs to deploy the patch immediately."

Attackers can possibly take over the operating system, access confidential information and make changes.

Read More: 10 Surprising Facts No One Knows About Social Media