->
When Red Hat has discovered the existence of a bug in Bash , the Security experts have now claimed that the consequences could be more severe than those caused by Heartbleed. Given that the shell is used by millions of devices connected to the network, an attacker could cause a total blackout of the entire Internet .
The bug Shellshock, Bash present in at least 25 years, opens the door to various types of attacks, as it allows remote code execution by exploiting the ability of the shell to interpret commands that include functions. An attacker could load on the target system a malware , with which steal personal information, delete files and block a web server. According to experts, PHP applications are particularly vulnerable. The connected devices, such as routers, webcams and so-called smart appliances, will (perhaps) an update very late.
Robert David Graham of Errata Security has discovered about 3,000 vulnerable systems and, of course, many of them have already been infected . Richard Stiennon of Current Security assumes that malicious code can cause damage similar to that caused by the SQL Slammer worm in 2003 Some service providers have identified several malware that exploit ShellShock. CloudFlare and Akamai have already received a “visit” by crackers.
Many Linux distributions have been updated, but it is just temporary patch . Secunia Security said that the new version of Bash, which is distributed by GNU, is ineffective . Apple has admitted that the UNIX shell present in OS X is vulnerable , but the basic configuration guarantees maximum safety. The risk arises when users activate the advanced UNIX services. The company is working on a patch termination.
“);} else {showMsgBox (” Entry not performed
Thank you for requesting the registration, but there is a problem. “);}}, error: function (res) {showMsgBox (” Registration not done
Thank you for requesting the registration, but it is a problem. “), a generic (res);}});} return false;} RegisterOK function () {ga (‘webnewsb.send’, ‘event’ , ‘Newsletter Articolo’,’Ok’,”,1,{‘nonInteraction’:true,”metric4″:1});jQuery.cookie(‘nl’,checksum(_tag_),{path:’/’,expires:90});} AlreadyRegister function () {ga (‘webnewsb.send’, ‘event’, ‘Newsletter Article’, ‘Error: writing newsletter’,”,1,{‘nonInteraction’:true,”metric4″:1});jQuery.cookie(‘nl’,checksum(_tag_),{path:’/’,expires:90});} RegisterTagOK function () {ga (‘webnewsb.send’, ‘event’, ‘Newsletter Alert:’ + _tag _, ‘Ok’, ”, 1, {‘nonInteraction’: true, “metric5″: 1});} AlreadyRegisterTag function () {ga (‘webnewsb.send’, ‘event’, ‘Newsletter Alert:’ + _tag _, ‘Error: writing alert’, ”, 1, {‘nonInteraction’: true, “metric5″: 1} );} a generic function (res) {ga (‘webnewsb.send’, ‘event’, ‘Newsletter Article’, ‘Error:’ + res, ”, 0, {‘nonInteraction’: true});} function showMsgBox (msg) {jQuery (‘# errornewsletter’). fadeIn (‘slow’), jQuery (‘# errornewsletter’). html (‘‘ + msg + ‘‘); window .setTimeout (hideMsgBox, 4000);} jQuery (document) .ready (function ($ ) {checksum (_tag _) == jQuery.cookie (“nl”) & amp; & amp; $ (“# box-registration-newsletter”) .hide ();});
This page reproduces an original article by Webnews.it and can be used only for personal and non-commercial. The original can be found at http://www.webnews.it/?p=382065 that can be achieved using the QR Code published next to the title (if any).
No comments:
Post a Comment