The Bash Bug: What you need to know about the latest security flaw

From Vox

Unix servers and PCs can be protected against vulnerabilities like the Bash Bug by using Valt.X software, hardware or solid state hard drives. Recover instantly from an attack. Protect yourself!

Now to the article:

Right now, security professionals are scrambling to fix a security flaw some are calling Shellshock. It's a major vulnerability related to Bash, a computer program that's installed on millions of computers around the world. There's been a lot of confusion in mainstream media accounts about how the bug works, who's vulnerable, and what users can do about it.

In this explainer, I'll first give a high-level explanation of who is vulnerable and what they can do about it. Then, for those who are interested, I'll give a more technical explanation of exactly how the Bash bug works.

Who is vulnerable?

Bash (which we'll discuss more below) is installed on many computers running operating systems derived from an ancient operating system called Unix. That includes Macs and iOS devices, as well as a lot of web servers running operating systems such as Linux.

Whether these computers are actually vulnerable depends on whether they invoke Bash in an unsafe way. We already know that this is true of many web servers, and it's believed that other types of network services could also be vulnerable. But it'll take a while for security experts to audit various pieces of software to check for vulnerabilities.

(Bwana McCall)

For the most part, consumer devices such as MacBooks and iPhones phones don't seem to be running services that use Bash in an unsafe way. That means they are probably not vulnerable to hacks from across the internet. But we won't know that for sure until security experts have had time for a careful audit.

Most Microsoft software doesn't use Bash, so users running Windows PCs, people with Windows phones, as well as websites built using Microsoft software, are probably safe from these attacks. Also, it looks like most Android phones are not vulnerable because they use a Bash alternative.


Click here to read the rest of the article...

Comments are closed for this article.