Cyber experts warn of Bash bug

NEW YORK — New warnings are emerging of a security flaw known as the “Bash” bug, which cyber experts say may pose a serious threat to computers and other devices using Unix-based operating systems such as Linux and Mac OS X.

Beyond computers, devices ranging from home Internet routers to systems used to run factory floors and power plants to medical equipment could be affected.

The Department of Homeland Security’s Computer Emergency Readiness Team issued a warning about the vulnerability this week. Experts are divided over whether the bug could pose a bigger threat than the “Heartbleed” computer security flaw discovered earlier this year. Security company Rapid7 said that while the vulnerability “looks pretty awful at first glance,” hackers will not be able to exploit most systems running the affected Bash software. The Heartbleed bug exploited a key piece of security technology used by hundreds of thousands of websites. For more than two years before it was discovered, the flaw exposed passwords and other sensitive data to hackers who could steal that information.

The reason the Bash bug could be worse than Heartbleed is that it gives the attacker a bigger advantage than Heartbleed did, said Tod Beardsley, engineering manager at Rapid7. With Heartbleed, attackers could get an information leak. With the Bash bug, they can get “remote code execution,” a way to take control of the affected device to install programs or run commands, he said. The bug is rated a maximum 10 out of 10 for its impact and ease of exploitability by the Common Vulnerability Scoring System, an industry standard for assessing how bad security flaws are.