A newly discovered security bug in a widely used piece of Linux software, known as Bash, could pose a bigger threat to computer users than the Heartbleed bug that surfaced in April, cyber experts have warned.Bash is the software used to control the command prompt on many Unix computers. Hackers could exploit a bug in Bash to take complete control of a targeted system, security experts said.
http://www.theguardian.com/technology/2014/sep/25/bug-bash-software-could-be-bigger-threat-heartbleedAlso see:Honeypot Snares Two Bots Exploiting Bash Vulnerability
A honeypot run by researchers at AlienVault Labs has snared two separate pieces of malware attempting to exploit the Bash vulnerability.One sample is a repurposed IRC bot written in Perl that is trying to build a botnet to be used in distributed denial of service attacks (DDoS), said Jaime Blasco, director of AlienVault Labs. So far, he said, there are 715 victims and there are phrases written in Romanian in the source code.
http://threatpost.com/honeypot-snares-two-bots-exploiting-bash-vulnerability/108578The biggest, baddest bug on the internet
Dubbed CVE-2014-6271, also known as ‘Shell Shock’, the newly discovered vulnerability resides in widely used piece of Linux software — known as “Bash” — which is the software used to control the command prompt on many Unix computers.However, as Huzaifa Sidhpurwala, a security engineer at Red Hat points out, since its creation in 1980 Bash has evolved from a simple terminal based command interpreter to something far more integral to the internet.
www.businessspectator.com.au/article/2014/9/26/technology/biggest-baddest-bug-internetShellshock: ‘Deadly serious’ new vulnerability found
A “deadly serious” bug potentially affecting hundreds of millions of computers, servers and devices has been discovered.The flaw has been found in a software component known as Bash, which is a part of many Linux systems as well as Apple’s Mac operating system.The bug, dubbed Shellshock, can be used to remotely take control of almost any system using Bash, researchers said.
http://www.bbc.com/news/technology-29361794Security Experts Expect ‘Shellshock’ Software Bug in Bash to Be Significant
Long before the commercial success of the Internet, Brian J. Fox invented one of its most widely used tools.In 1987, Mr. Fox, then a young programmer, wrote Bash, short for Bourne-Again Shell, a free piece of software that is now built into more than 70 percent of the machines that connect to the Internet. That includes servers, computers, routers, some mobile phones and even everyday items like refrigerators and cameras.On Thursday, security experts warned that Bash contained a particularly alarming software bug that could be used to take control of hundreds of millions of machines around the world, potentially including Macintosh computers and smartphones that use the Android operating system.
www.nytimes.com/2014/09/26/technology/security-experts-expect-shellshock-software-bug-to-be-significant.html