Menu

New Bug Could Expose Personal Data, Online Details

A new online security bug that hacks code used in popular operating systems has experts at odds over whether it is a high-risk threat, or one to take lightly.

"Shellshock," a new security threat detailed by experts on Friday, leaves an exploitable hole in popular operating systems based on programs Linux and Unix. That includes those used by Apple and the web servers Apache, which run "at least half of the world's websites," according to USA Today.

Those using Microsoft Windows are not affected, according to multiple news reports.

Get LifeLock protection now.

Reactions are mixed as to the severity of the threat.

Apple officials responded to the threat on iMore.com, saying that most OS X users are not affected, and a patch is forthcoming for those who remain vulnerable.

But according to BBC.com, experts already have found attacks on websites and servers through Shellshock. Specifically, BBC reported, attackers were crafting networks of hacked machines — called botnets — taking control of them and ordering them to do assorted tasks.

The BBC reported that one botnet was directed to overload certain websites with junk data in an attempt to knock them offline. Another botnet was ordered to search for new computers vulnerable to Shellshock.

Both the United Kingdom and the United States have given Shellshock high threat warnings, according to the BBC and other sources. Richard Stiennon, a Forbes contributor who writes about IT security, called Shellshock "one of the easiest exploits ever to incorporate into just about any attack scenario."

However, others say the risk is low. Rene Ritchie, editor in chief of iMore, says most Internet users should "be informed but don't panic."

"Stay informed, stay updated, but also understand that there's no real reason for significant concern at this point," Ritchie wrote.

At PCWorld.com, senior writer Brad Chacos reports that personal computers are at much lower risk than servers or routers. If your computer is operating behind a firewall, it is most likely protected. Servers or routers, on the other hand, could be manipulated.

To see if your computer is vulnerable, Chacos and others recommend running a simple test:

  • Open the "Terminal" program on your computer. (If you don't know where Terminal is on your Mac, open Finder and type "Terminal" in the search box under the setting, "This Mac".)
  • Type the following code:

    $ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

  • If your system is vulnerable to the bug, you'll see this response:

vulnerable

this is a test

  • If your system already has been patched, you'll see this response:

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test" bash: warning: x: ignoring function definition attempt bash: error importing function definition for `x' this is a test

Even if your system is vulnerable, PCWorld reports that users still shouldn't stress. According to the website, OS X systems are by nature protected from hacking, except for advanced users who configure the operating system themselves. A software update quickly should fix that, PCWorld reported.

Still, website Krebs On Security reported that Shellshock "is so intertwined with the modern Internet that it could prove challenging to fix, and in the short run is likely to put millions of networks and countless consumer records at risk of compromise."

Only time might tell which side gets it right.

4 Million Members and Counting

Testimonial-Casey

"I would compare LifeLock to having that big older brother."- Casey S.

Testimonial-jamie

"All of my personal information, even my social security card, was taken".- Jamie A.


Sign up in minutes,
protection starts immediately.

Start Your Membership