
Bash (Bourne-Again Shell) is a piece of software that is built into over 70
percent of machines such as servers, computers, routers, and some mobile
phones. Rumor has it that Bash contained a software bug (Shellshock) that could
be used to take over millions of machines around the world. Shellshock is the
offspring of the Heartbleed bug that was discovered last spring in many software products.
The key difference between the two critical bugs is that Heartbleed stole
passwords from servers, while Shellshock is a much greater threat: it
can take over an entire machine. According to the New York Times,
Heartbleed "went unnoticed for two years and affected an estimated
500,000 machines, but Shellshock was not discovered for 22 years." Many
think it is surprising that a bug could go unnoticed for two decades, but
programmers do not. Researchers say it would be more difficult for this bug to
reach your personal laptop than a machine that is connected to the server,
because you would have to join a public network that hackers knew
you were connected to in order for the attack to work.
Mr. Bellovin, a computer science professor, states that for this
bug issue to be solved, the open source community has to be less consumed
with new features and more with quality. Quality is more important than
new features, and those skills need to be developed or it's going to fall behind
in the quality race and technology will start to decline drastically.
It's crazy to think that a bug can go unnoticed for that long. The Shellshock bug sounds like something out of a science fiction movie. It's disconcerting to think that we are not safe on our own computers.