New 'Bash' Linux Bug Could Pose Bigger Threat Than 'Heartbleed'
A newly discovered security bug in a widely used piece of Linux software, known as 'Bash,' could pose a bigger threat to computer users than the ' Heartbleed' bug that surfaced in April, cyber experts warned on Wednesday. Bash is the software used to control the command prompt on many Linux computers. Hackers can exploit a bug in Bash to take complete control of a targeted system, security experts said. The 'Heartbleed' bug allowed hackers to spy on computers, but not take control of them, according to Dan Guido, chief executive of a cybersecurity firm Trail of Bits. 'The method of exploiting this issue is also far simpler. You can just cut and paste a line of code and get good results.' Tod Beardsley, an engineering manager at cybersecurity firm Rapid7, warned that the bug was rated a '10' for severity, meaning it has maximum impact, and rated 'low' for complexity of exploitation, meaning it is relatively easy for hackers to launch attacks.
'Heartbleed,' discovered in April, is a bug in an open-source encryption software called OpenSSL. The bug put the data of millions of people at risk, as OpenSSL is used in about two-thirds of all websites. It also forced dozens of tech companies to issue security patches.
IN-DEPTH SOCIAL - Reuters
First published September 24 2014, 3:39 PM