Shellshock is a bug that uses a vulnerability in the common Unix command execution shellbash (Bourne-Again SHell) to potentially enable hackers to take control of the machine and remotely execute arbitrary code directly into the system.
Because it preys on the Unix bash shell, which is utilized by most other major desktop and mobile operating systems like Linux, Mac OS X, iOS, Google Android and even Microsoft Windows, Shellshock has the potential to attack many types of systems and devices. To date, though, reports of Shellshock in the wild have been fairly limited, with the most prominent attacks targeting Web-facing servers and Network-Attached Storage devices (NAS).
It’s also believed that operating systems like OS X and Windows do not expose bash to attacker-supplied input, which Shellshock would need to be able to control the computer. There remains the possibility, though, that other vulnerabilities could be discovered that would provide a way into the system for Shellshock or variants of the Shellshock bug.
Shellshock Shares Similarities with Heartbleed
Shellshock shares similarities with the Heartbleed bug that gained widespread attention in early 2014. Both are examples of arbitrary code execution (ACE) vulnerabilities, and they both make it possible for a hacker to exploit a wide range of computers, servers and other devices.
Whereas Heartbleed only infiltrated the security layer of the system though, the Shellshock bug compromises the center of the operating system itself.
Shellshock Bug a Perfect 10 in Severity
The National Institute of Standards and Technology has rated the Shellshock vulnerability as a 10 out of 10 in terms of severity, impact and exploitability. Compounding the problem, Shellshock is also ranked low on the complexity scale, which means it has the potential to easily be used by a large percentage of hackers.
- Retina HD Display
Retina HD Display is a marketing term first introduced by Apple with the debut of its iPhone 6 and iPhone 6 Plus smartphones. Retina HD Displays have a high-definition quality resolution and pixel density of at least 326 pixels per inch, which is sufficiently high enough for the average person to be unable to discern […]
- Abstract Data Type
Abstract data types are mathematical models of a set of data values or information that share similar behavior or qualities and that can be specified and identified independent of specific implementations. Abstract data types, or ADTs, are typically used in algorithms. An abstract data type is defined in term of its data items or its […]
- an Enterprise Collaboration Platform
In enterprise collaboration the platform generally refers to the system that combines tools and processes to ensure employees can connect and collaborate with the people, information and the resources they require at any given time. Collaboration Tools Collaboration platforms typically include an email client, Web conferencing, social media sharing, video capabilities, document sharing capabilities, instant […]
- Enterprise Collaboration
Often abbreviated as EC, enterprise collaboration is a communications system used by employees (see “Enterprise Collaboration Systems”) to collaborate and complete work tasks across departments within the enterprise. Enterprise collaboration combines a number of tools, Internet, extranets and other networks as needed to support enterprise-wide communications, such as sharing documents, enterprise email systems, videoconferencing, project […]
- Google Dorking
Google Dorking is a term that refers to the practice of applying advanced search techniques and specialized search engine parameters to discover confidential information from companies and individuals that wouldn’t typically show up during a normal web search. Hackers can use Google Dorking tactics to reveal information that companies and individuals likely intended not to […]