The Shellshock bug
It’s worse than the Heartbleed bug from April.
Rather than only targeting individuals, the Shellshock computer bug is targeting servers that are hosted on the internet. If the server is using the Mac OS X or Linux operating system, it is vulnerable at this time. This will include servers used by businesses, e-commerce, financial institutions and certain portions of government. In targeting these types of serves, the bug allows hackers not only to siphon off information, but also to gain control of the server. They then could have control of millions of accounts full of personal information.
In addition to its severity, the bug is apparently fairly simple to use which means that even relatively amateur hackers could exploit it. Experts, including the manufacturers of the Mac OS X and Linux operating systems, are working furiously to correct the problem. A patch was created yesterday, however, it is not strong enough to fix the problem entirely. The link for the patch is below. Both the U.S. and U.K. have issued severity warnings for this virus and are warning individuals and businesses to be aware.
While a solution to Shellshock is being created, experts are recommending that consumers refrain from actively using their credit card online, or setting up any new online accounts that involve personal, sensitive information.
For more information:
Wired.com – how hackers are already exploiting the bug
Independent.co.uk – includes information and statements from the UK
The Guardian – includes steps if you are a business using one of the affected operating systems
Red Hat Customer Portal – the official announcement and current patch fix from the vendor