“…as of last week, the technology world discovered a new security vulnerability known as the Bash Shellshock Bug, potentially much more serious than Heartbleed…”
This bug, which has actually gone un-noticed (we hope) for about a decade, is found in a shell scripting command-line interpreter called BASH and it is used by administrators to give commands to computers running the Linux or Unix operating systems – these two types of operating systems that can be found on a good portion of computers in charge of controlling educational institutions, corporate businesses, email, websites, and many, many other things on the Internet.
So normally, a human or machine will give BASH commands and then BASH will let the servers running Linux or Unix perform operations and do many different administrative things. However, just last week, a flaw was discovered in which malicious users can hack in and attach extra code to BASH after initial commands are sent which will give hackers access and administrative control to the entire Linux or Unix computer.
If you are among a very small minority of home computer users running Linux or Unix then you could be vulnerablez. Also, if you are a home computer user using a Mac and currently running the latest version of their operating system Mavericks and have manually configured that system for advanced Unix services then you would be vulnerable as well.
Be that as it may, most Mac users, myself included, will not have this feature enabled. This type of service is very specific that would only be enabled for advanced server-related tasks. It wouldn’t be anything you would enable accidentally.
With that in mind, all people who use the Internet can be seriously affected indirectly. For instance, many banking, social networking sites, cloud storage businesses, and email servers use either Linux or Unix systems and with this bug baked into it, those systems can now get compromised potentially giving hackers complete control of that computer – making this potentially more serious than Heartbleed.
To minimize the damage the first thing people should do is make sure you are not using the same username, or at least the same password for multiple online accounts. Now, I know that makes it much more difficult and inconvenient for people as they will be forced to remember many different usernames and passwords. So, to remedy that I would recommend a free password manager called LastPass.
LastPass is a plugin you install into your web browser and it will capture and remember all of your unique usernames and complex passwords and store them in an encrypted vault so when you get to a site and are asked to type in your username and password all you need to know is just one master password to unlock LastPass so it will then automatically fill in your login information for you. This will give you the freedom to create complex and unique logins for every site minimizing risk related to the Shellshock bug. If you go to www.lastpass.com you can find out further information.
Leave a Reply