
Shell Shock Vulnerability Could Impact 500 Million Websites

  • September 25, 2014
  • By Developer.com Staff

Security experts are sounding a warning over a newly discovered security vulnerability in Unix, Linux and OS X that could put hundreds of millions of websites at risk. NIST has given the flaw a 10 out of 10 rating for its severity, and developers are rushing to create and deploy patches to address the bug. FireEye Director of Threat Research Darien Kindlund warned, "This bug is horrible. It's worse than Heartbleed, in that it affects servers that help manage huge volumes of internet traffic. Conservatively, the impact is anywhere from 20 to 50 [percent] of global servers supporting web pages."

Professor Alan Woodward from the University of Surrey added, "What many do not realize is that over 50 percent of active web sites run on a web server called Apache which runs on Unix, and hence is potentially vulnerable. As we have just passed the point where there are one billion active websites, that means that something in excess of 500 million sites could be vulnerable to this security flaw."

The bug is in Bash, the command shell used by many *nix systems, and it has been present for 22 years without being detected. Debian Linux and related distributions, including Ubuntu, usually use Dash instead of Bash, and are less vulnerable to the problem as a result. Still, everyone with a server or PC running Linux, Unix or OS X is advised to apply a patch as soon as one becomes available for their systems.
