‘Shellshock’ Bug – Major Security Threat or Overblown?


Following on the heels of the Heartbleed scare, another major vulnerability has been identified in widely used software. The newly discovered security vulnerability, dubbed ‘Shellshock’, is part of Bash, the command-line shell utility common to Linux and Unix operating systems.

The vulnerability does NOT affect Windows users and the consensus among experts is that Mac users are “likely” vulnerable. However, the ubiquitous nature of Bash, which is present in countless networks and Web sites that rely on Unix and Linux operating systems, has many experts declaring Shellshock an extremely potent threat. The concern is that the flaw is so entwined with the Internet that it has the potential to put millions of networks and consumer records at risk.

However, there appear to be two differing schools of thought on the actual level of threat posed by Shellshock. On the one hand we have warnings of dire consequences:

While another faction is tending to underplay the probable severity of Shellshock’s impact:

So who is right? I am certainly no security expert and do not profess to be but, as is often the case, I suspect the truth probably lies somewhere in between.

There is no doubt that, because of Bash’s ubiquitous nature, Shellshock represents a potentially serious threat but, on the other hand, the logic behind the arguments in Time Magazine’s article is compelling. I suggest you read through both stories as presented in the links above and decide for yourself.


 

About the Author

Jim Hillier

Jim is the resident freeware aficionado at DCT. He is a computer veteran with 30+ years' experience who first started writing about computers and tech back in the days when freeware was actually free. His first computer was a TRS-80 in the 1980s; he progressed through the Commodore series of computers before moving to PCs in the 1990s. Now retired (aka an old geezer), Jim retains his passion for all things tech and still enjoys building and repairing computers for a select clientele… as well as writing for DCT, of course.