Shellshock: A deadly new vulnerability that could lay waste to the internet
By Sebastian Anthony
ExtremeTech.com
September 26, 2014
There’s a new internet-crippling zero-day vulnerability in town called Shellshock. It potentially affects around half of all websites on the internet (around 500 million), and millions or billions more internet-connected devices such as routers, smartphones. Unlike Heartbleed, which was quite hard to exploit properly, Shellshock can be exploited with just a couple of lines of code, giving just about anyone the ability to run arbitrary code on an affected computer. In simple terms, this means that it’s now relatively simple for anyone to gain unauthorized access to a large portion of the world’s computers, and download/extract a wide variety of sensitive details. Shellshock also has the potential to be turned into a worm — a self-replicating piece of code that automatically propagates to all Shellshock-vulnerable systems, potentially causing untold damage.
But before we get ahead of ourselves with various doomsday scenarios (and Shellshock really could be one of the worst bugs to ever hit the internet), let’s discuss what Shellshock actually is first.
What is Shellshock?
In technical terms, Shellshock is a vulnerability in a Linux (or *nix) program called Bash, with the formal designation of CVE-2014-6271. In the words of the US government’s NIST agency:
The Rest…HERE
