Earlier in the year it was Heartbleed, and now another bug has been uncovered, Shellshock, which could be even more problematic. Many outlets have covered the topic, and NPR did a good job breaking down the who, what, where and what potential steps to take.
From the article:
Hundreds of millions of computers and networks are at risk after a bug called Shellshock was found this week. It turns out it’s actually been around for a while — it took 22 years to discover this bug. If exploited by hackers, the impact could be huge.
What has security companies so worried is the wide scope of the systems affected and the potential here for wreaking havoc for systems connected to the Internet. Shellshock affects websites and computers running operating systems such as Mac OS and Linux. And it’s estimated that more than 80 percent of the Internet serves websites on the software affected by this bug. Just hours after this security flaw was announced, it was already being exploited. A few things to keep in mind:
I suggest reading the whole article on NPR.
One thing of note: if you’re running Windows, you’re in the clear, as the vulnerability does not affect Microsoft Windows users. Operating-systemwise, Mac users are more at risk here, though Apple says most OS X users are safe. There’s likely going to be an operating system update or patch for anyone running a Mac. So keep up to date with any software updates, and update your computer and mobile devices as those are released.
CBC News reports that there is no easy fix but does lay out a few tips:
1. Protect your identity
The biggest risk from the Bash exploit to the average computer user is if a hacker gains access to a company or government server containing thousands of people’s confidential account information, credit card numbers and other personal data. It’s up to the server’s operators to protect against exploits in light of the Bash vulnerability, but anyone can help fend off identity theft or financial fraud by taking standard precautions like signing up for credit monitoring, periodically getting a free credit report and checking it, not giving out personal information to telemarketers or people who pose as them, tightening your Facebook privacy settings, and generally posting less personal information on public websites like LinkedIn or Twitter.
2. Use unique, strong passwords
If a cyber-attacker manages to use the Bash exploit to infiltrate a server containing your login and password info for one of your online accounts (such as email), it would be a cinch to get into others if you use the same password for them all. So be sure to use unique, and strong, passwords for each sensitive website you use, such as banking, email, workplace servers, online shopping and government benefits.
3. Check all your online accounts regularly
4. Wait for companies to recommend patches and password changes
5. If you run Linux, Unix or a server, patch it
According to another article on CBC, some hackers have already exploited the bug.
Hackers have begun exploiting the newly identified Shellshock computer bug, also widely known as the “Bash bug,” using fast-moving worm viruses to scan for vulnerable systems and then infect them, researchers warned on Thursday.
Shellshock is the first major Internet threat to emerge since the discovery in April of Heartbleed, which affected OpenSSL encryption software that is used in about two-thirds of all web servers, along with hundreds of technology products for consumers and businesses.
Do not take this lightly. Make sure you spend a little time checking your online accounts, and if you use Linux or OS X, keep up with all the info coming out.