p_172951_760x420-00-70

A security error called “Shellshock bug” or “Bug Bash” might prove even more devastating than Heartbleed, error that impacted approximately 500,000 computers last spring, according ktvu.com.

Computer security experts have analyzed Thursday the threat and installed patches on servers around the world to prevent the spread of the bug. Nick Weaver, a computer security researcher at the International Computer Science Institute Berkeley said that the bug is easy to operate and do not need a PhD for that.

“I searched the bug for five minutes, and soon I found I was able to hack my server,” said Weaver. He pointed that any novice hacker can infiltrate into a server with a simple line of code that exists on many operating systems, including Unix, Linux and Apple. “Metaphorically it’s like you write to the server  : Hey, run the program that let me access the computer. In less than one day I got suspicious reports from many users, ” warns expert.

hacker2

A pretty good hacker could detect the vulnerability bash and can take control of the system. Theoretically, it means the credit union online banking may be confiscated by the scammers. Ditto for routers which many institutions use to get online. Bash is a command line use in several operating systems. Since its initial release was 1989; so it can be found on literally tens of millions of computers.

Experts expect Apple to come soon with a patch to block access to the customer devices and users should install it immediately.

Update

DigitalOcean, one of the best VPS hosting companies sent an email to all of it’s customers regarding the Shellshock vulnerability:

“Shellshock” Bash Security Update
Security researchers have recently discovered vulnerabilities in Bash, referred to as Shellshock or the Bash bug. The problem is serious. Bash is used in millions of computers, giving attackers the opportunity to execute arbitrary commands on web servers and potentially access confidential information.

We’ve written up a guide to help you check whether your server is vulnerable and fix the issue. If you have any questions, please ask them in the comments section and we’ll respond quickly.

You may check for Shellshock vulnerability by running the following command at the bash prompt:

env 'VAR=() { :;}; echo Bash is vulnerable!' 'FUNCTION()=() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"

If you see the following output, your version of Bash is vulnerable and should be updated:

Bash is vulnerable!
Bash Test

You can find more details regarding the Shellshock vulnerability here. That’s a tutorial which explains how you can protect from the Shellshock Bash Vulnerability.