Nothing is safe, everything is vulnerable. This is a famous saying in the world of the internet, where people try their level best to protect their property with all the security measures that they can implement with their sharp minds. But in some part of the world, there is also another genius who can use his brain in a more efficient way than anyone else does, and that makes him a security threat to the system.
But this article is not about one person attacking and another getting attacked (hacked); this time it is about each and every Linux and Unix operating system user connected to the internet. Yes, every one of them. Not a single one is safe. Why is that? Because security analysts have encountered an error in a program, widely known as a bug, in the Bash function of all the Linux and Unix machines.
Linux and Unix machines have been using Bash functions for around 25 years, since the time of its release. So there are a great number of users out there.
Major security analysts recently stated that this security issue can allow hackers to get full access to your computer. They said that this security issue might even be a bigger threat than Heartbleed. This is because Heartbleed allowed hackers to spy on your computers, but the “Shellshock” security bug (that’s what this bug has been named) can allow hackers to get full access to your computer.
This can be done by accessing the bash function whenever it is run.
Now for Linux users, it is important to know that bash functions have been the backbone of their operating system for a long time and they cannot be easily replaced, if at all, by any other method. So it is well understood that even if you want to run a simple program, there may or may not be a bash function attached to it. Where this leaves us is that we need to be extra sure of our security.
This threat is prevalent for any user of Linux (Ubuntu, Fedora, CentOS, etc.) and Unix (Mac OS). Due to the large number of systems that will be affected by the vulnerability, companies are trying hard to create a patch to make their systems much more secure and to patch up this vulnerability as soon as possible. Many companies have even issued a patch for this, but these patches are still considered to be incomplete.
While users are waiting eagerly for an official patch from their operating system manufacturer, there is a post on StackExchange which explains some steps and methods by which you can patch your system manually. But mind you, this method requires some knowledge of Xcode, the Apple development environment, and some basic knowledge of the terminal on the Mac.
According to some renowned security analysts, this is how the new bug is explained: “The new bug has been nicknamed “Shellshock.” The vulnerability lets an outside attacker insert extra code into a Bash command. Researchers are still trying to understand the extent of the exploit, but one of the most prevalent vulnerabilities involves web servers running Common Gateway Interface (CGI) scripts, a standard method for creating dynamic content on the web. An attacker uses “environment variables” containing Bash functions in them.”
As you can see in the definition above, there is more harm to web servers at this time than to normal users like us. So system administrators and web admins must be very careful and cautious about this new bug, which has come to light only recently although it was there from the very start.
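For administrators of web servers running CGI scripts, here is an added example (not part of the original article) of a log check for requests that carry a Bash function definition in a client-supplied field. It assumes the Apache/nginx "combined" access log format; the function name, regexes and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Combined log format:
# ip ident user [time] "request" status size "referer" "user-agent"
COMBINED = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)
# A Bash function passed in an environment variable starts with "() {"
FUNC_DEF = re.compile(r'\(\)\s*\{')
FIELDS = ("request", "referer", "agent")


def find_shellshock_probes(lines):
    """Return (line_number, client_ip, field) for every suspicious field."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = COMBINED.match(line)
        if match is None:
            # Unparseable line: still inspect it as a whole
            if FUNC_DEF.search(unquote(line)):
                hits.append((number, None, "raw"))
            continue
        for field in FIELDS:
            # unquote() also catches percent-encoded variants
            if FUNC_DEF.search(unquote(match.group(field))):
                hits.append((number, match.group("ip"), field))
    return hits


# Constructed sample lines (documentation IP ranges, placeholder payload)
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2015:10:00:01 +0000] "GET /index.html HTTP/1.1" '
    '200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2015:10:00:05 +0000] "GET /cgi-bin/status HTTP/1.1" '
    '200 89 "-" "() { :; }; echo PLACEHOLDER"',
    '203.0.113.4 - - [01/Jan/2015:10:00:09 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" '
    '404 0 "%28%29%20%7B%20%3A%3B%20%7D%3B%20echo%20PLACEHOLDER" "curl/7.30"',
    '192.0.2.10 - - [01/Jan/2015:10:00:12 +0000] "GET /app.js?cb=fn() HTTP/1.1" '
    '200 1024 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for number, ip, field in find_shellshock_probes(SAMPLE_LOG):
        print(f"line {number}: {ip} sent a function definition in {field}")
```

The combined format records only the request line, Referer and User-Agent, so a function definition sent in any other header will not appear in these logs.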
Now that hackers know about its existence, they will try even harder to use this exploit on more and more computers and cause trouble. Moreover, this exploit has been rated 10 for harm, making it extremely dangerous, and rated 0 for complexity, which means it is one of the easiest exploits available, making it even more dangerous.
So what we advise our readers is to stay alert and wait for your system manufacturer to issue an update or patch for this vulnerability, and then install that patch as soon as possible. An alternative would be to patch your system manually until your operating system gets an official patch.
But in either case you need to make sure that you keep this bug out of your system. I know that won’t be easy, but staying away from the internet, not performing long-lasting bash functions and playing safe are some things that you should be careful about. The world is saying this bug is even more harmful than Heartbleed, and for a reason of course.
You can read about this bug on the National Vulnerability Database website.
So stay safe, and check back here later for more. In the meantime, tell us your views in the comments below.