Cyber experts warn of powerful 'Bash' computer bug

Written By Unknown on Thursday, 25 September 2014 | 22.39

Cyber experts are warning a security flaw known as the "Bash" bug may pose a serious threat to computers using Unix-based operating systems such as Linux and Mac OS X, even more grave than the "Heartbleed" bug that surfaced in April.

Bash is the software used to control the command prompt on many Unix computers. Hackers can exploit a bug in Bash to take complete control of a targeted system, security experts said.

The U.S. government's United States Computer Emergency Readiness Team, or US-CERT, issued an alert saying the vulnerability affected Unix-based operating systems including Linux and Apple's OS X.

The "Heartbleed" bug allowed hackers to spy on computers but not take control of them, according to Dan Guido, chief executive of cybersecurity firm Trail of Bits.

"The method of exploiting this issue is also far simpler. You can just cut and paste a line of code and get good results."

Tod Beardsley, an engineering manager at cybersecurity firm Rapid7, warned the bug was rated a "10" for severity, meaning it has maximum impact, and rated "low" for complexity of exploitation, meaning it is relatively easy for hackers to launch attacks.

"Using this vulnerability, attackers can potentially take over the operating system, access confidential information, make changes, et cetera," Beardsley said. "Anybody with systems using Bash needs to deploy the patch immediately."

US-CERT advised computer users to obtain operating system updates from software makers. It said that Linux providers including Red Hat Inc. had already prepared them, but it did not mention an update for OS X. Apple representatives could not be reached.

Tavis Ormandy, a security researcher at Google, said via Twitter that the patches seemed "incomplete." Ormandy could not be reached to elaborate, but several security experts said a brief technical comment provided on Twitter raised concerns.

"That means some systems could be exploited even though they are patched," said Chris Wysopal, chief technology officer with security software maker Veracode.

"Heartbleed," discovered in April, is a bug in open-source encryption software called OpenSSL. The bug put the data of millions of people at risk as OpenSSL is used in about two-thirds of all websites. It also forced dozens of technology companies to issue security patches for hundreds of products that use OpenSSL.

Bash is a shell, or command prompt software, produced by the non-profit Free Software Foundation. Officials with that group could not be reached for comment.

The Bash bug is also known as Shellshock.

