Heartbleed was certainly a problem, but thankfully developers and other teams got to work quickly to patch in extra security to protect against the vulnerabilities that Heartbleed was exploiting. Things could have been much worse. Much, much worse. In fact, a new vulnerability called the Bash Bug is probably a little more akin to a “much worse” scenario, although that doesn’t mean that you should start panicking. As always, however, it does mean you should start caring about it, and it might not be a bad idea to reinforce for yourself some best practices for security across all things digital, especially for devices that could potentially be affected by Bash.
Plenty of people already consider the Bash bug (also known as the Shellshock bug) worse than Heartbleed, and that is the first red flag, as people made a big deal out of Heartbleed when it initially hit the scene, as they should have. While Bash is a little different from Heartbleed and doesn’t necessarily do the same thing, in the end the effects are worse for any machine affected by it, as it’s being said that it has the potential to do some nasty damage to smaller web hosts, digital companies and more than likely any devices connected to the web. The bug was found within the Bash shell, a prominently used command shell within Linux that is also found in Mac OS X. To recap, the bug can be found on any and all Linux and Mac OS X machines, because both contain the Bash shell where the bug lives and can be used for executing attacks, which is one of the reasons why the danger has the potential to be on a fairly grand scale.
According to Errata Security’s Robert Graham, the Bash bug is bigger than Heartbleed, and Bash is so widely used in so many different programs that he sees no way to catalog every single piece of software that could be affected by it. As a general breakdown of what the Bash bug does, it opens up machines with the Bash command shell for attackers to run code by simply requesting information from the system. Most people probably have a firewall and may even be running extra security programs on their computers, so the bug is most likely not affecting your desktop or laptop, provided that you run security programs and promptly update your system with the patches coming from the software companies who distribute the OS your machine is running.
If you’re curious to know whether you’re affected or not, open up the command shell on your Linux or Mac machine, then run this line of code:
    env x='() { :;}; echo vulnerable' bash -c 'echo this is a test'
What you don’t want to see is the word vulnerable pop up in the response to that command. A good practice is definitely to keep the firewall up if you don’t already, and to look into how you can update your system to patch the Bash bug, which Linux distros Red Hat and Ubuntu have already done.
The bigger issue lies with web servers and other internet-connected devices like smart home appliances, wireless routers and so on, because those types of devices are required to listen to requests to perform their functions. If a device is exploited through the Bash bug, it is opened up to the risk that an attacker could install malicious software that allows them to do a number of things, including potentially taking over the entire system and executing tasks like retrieving personal information or making changes to the system. The bug is dangerous, and it doesn’t hurt to be a little worried and prepared.
That’s not to say you should immediately burn all your electronics and go out and buy new devices; just make sure to take precautions that can keep you from being vulnerable.
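The test command above only checks whichever bash is first on your PATH. The script below, an added example that is not part of the original article, runs the same check against each bash binary it finds in a few common locations; the function names and the list of paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: runs the article's test command against each bash binary found.
# Function names and candidate paths are hypothetical choices for illustration.

# Turn the probe's output into a verdict. A vulnerable bash executes the
# "echo vulnerable" that trails the function definition stored in x, so that
# word is printed before the test message.
classify_probe_output() {
    case "$1" in
        *vulnerable*"this is a test"*) echo "VULNERABLE" ;;
        *"this is a test"*)            echo "patched" ;;
        *)                             echo "unknown" ;;
    esac
}

# Run the article's command against one specific bash binary.
# stderr is discarded because some patched builds print warnings there.
check_bash() {
    bash_bin=$1
    [ -x "$bash_bin" ] || { echo "unknown"; return 0; }
    out=$(env x='() { :;}; echo vulnerable' "$bash_bin" -c 'echo this is a test' 2>/dev/null) || true
    classify_probe_output "$out"
}

# Check common install locations plus the bash on PATH, skipping duplicates.
# Returns 1 if any binary is vulnerable, so it can gate a maintenance script.
scan_bash_binaries() {
    found_vulnerable=0
    seen=" "
    path_bash=$(command -v bash 2>/dev/null || true)
    for b in /bin/bash /usr/bin/bash /usr/local/bin/bash "$path_bash"; do
        [ -n "$b" ] && [ -x "$b" ] || continue
        case "$seen" in *" $b "*) continue ;; esac
        seen="$seen$b "
        verdict=$(check_bash "$b")
        echo "$b: $verdict"
        if [ "$verdict" = "VULNERABLE" ]; then found_vulnerable=1; fi
    done
    return "$found_vulnerable"
}

scan_bash_binaries || echo "At least one bash binary needs the vendor patch."
```

A machine can carry more than one copy of bash (for example a system copy and a separately installed one), and updating one does not update the other, which is why each path is reported on its own line.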