Cyber experts warn of 'Bash' bug - KSWO 7News | Breaking News, Weather and Sports

Cyber experts warn of 'Bash' bug

By BARBARA ORTUTAY

AP Technology Writer NEW YORK (AP) - New warnings are emerging of a security flaw known as the "Bash" bug, which cyber experts say may pose a serious threat to computers and other devices using Unix-based operating systems such as Linux and Mac OS X.

Beyond computers, devices ranging from home Internet routers to systems used to run factory floors and power plants to medical equipment could be affected.

The Department of Homeland Security's Computer Emergency Readiness Team issued a warning about the vulnerability this week. Experts are divided over whether the bug could pose a bigger threat than the "Heartbleed" computer security flaw discovered earlier this year.

Security company Rapid7 said that while the vulnerability "looks pretty awful at first glance," hackers will not be able to exploit most systems running the affected Bash software. The Heartbleed bug exploited a key piece of security technology used by hundreds of thousands of websites. For more than two years before it was discovered, the flaw exposed passwords and other sensitive data to hackers who could steal that information.

The reason the Bash bug could be worse than Heartbleed is because it gives the attacker a bigger advantage than Heartbleed did, said Tod Beardsley, engineering manager at Rapid7. With Heartbleed, attackers could get an information leak. With the Bash bug, they can get "remote code execution," a way to take control of the affected device to install programs or run commands, he said. The bug is rated a maximum 10 out of 10 for its impact and ease of exploitability by the Common Vulnerability Scoring System, an industry standard for assessing how bad security flaws are.

On the other hand, a perfect set of conditions need to be present for the bug to be open to exploitation. That could limit its effect.

The vulnerability was discovered by Stephane Chazelas of Akamai Technologies Inc. The company said in a blog post Wednesday it has no evidence that any systems were compromised using the bug.

"And unfortunately, this isn't 'No, we have evidence that there were no compromises;' rather, 'We don't have evidence that spans the lifetime of this vulnerability.' We doubt many people do - and this leaves system owners in the uncomfortable position of not knowing what, if any, compromises might have happened," Akamai said in a blog post on Wednesday. Bash was released in 1989.

As for what to do, Beardsley said to wait for the slew of patches that device makers and others will be releasing in the coming weeks.

Copyright 2014 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

  • Local NewsNewsMore>>

  • Police: Suspect dead after wounding 3 Kansas City officers

    Police: Suspect dead after wounding 3 Kansas City officers

    Sunday, July 15 2018 2:28 PM EDT2018-07-15 18:28:56 GMT
    Monday, July 16 2018 2:26 PM EDT2018-07-16 18:26:51 GMT
    (Source: KHSB/CNN)(Source: KHSB/CNN)

    Authorities are searching for a suspect in the shooting of two police officers in Kansas City, Missouri. Police spokesman Jacob Becchina said Sunday that the officers' conditions aren't available.

    Authorities are searching for a suspect in the shooting of two police officers in Kansas City, Missouri. Police spokesman Jacob Becchina said Sunday that the officers' conditions aren't available.

  • Deadly fire shuts down key route to Yosemite National Park

    Deadly fire shuts down key route to Yosemite National Park

    Sunday, July 15 2018 2:04 PM EDT2018-07-15 18:04:23 GMT
    Monday, July 16 2018 2:26 PM EDT2018-07-16 18:26:41 GMT
    (Andrew Kuhn /The Merced Sun-Star via AP). Crews battle the Ferguson Fire along steep terrain behind the Redbud Lodge along Highway 140 near El Portal in Mariposa County, Calif., on Saturday, July 14, 2018.(Andrew Kuhn /The Merced Sun-Star via AP). Crews battle the Ferguson Fire along steep terrain behind the Redbud Lodge along Highway 140 near El Portal in Mariposa County, Calif., on Saturday, July 14, 2018.

    A wildfire that killed a California firefighter has grown quickly and forced the closure of a key route into Yosemite National Park.

    A wildfire that killed a California firefighter has grown quickly and forced the closure of a key route into Yosemite National Park.

  • Putin says he wanted Trump to win in 2016, didn't interfere

    Putin says he wanted Trump to win in 2016, didn't interfere

    Monday, July 16 2018 12:57 PM EDT2018-07-16 16:57:16 GMT
    Monday, July 16 2018 2:24 PM EDT2018-07-16 18:24:38 GMT
    (AP Photo/Alexander Zemlianichenko). U.S. President Donald Trump, left, shakes hand with Russian President Vladimir Putin during a press conference after their meeting at the Presidential Palace in Helsinki, Finland, Monday, July 16, 2018.(AP Photo/Alexander Zemlianichenko). U.S. President Donald Trump, left, shakes hand with Russian President Vladimir Putin during a press conference after their meeting at the Presidential Palace in Helsinki, Finland, Monday, July 16, 2018.
    Trump says he raised election meddling with Putin, but says both sides to blame for bad relations.
    Trump says he raised election meddling with Putin, but says both sides to blame for bad relations.
Powered by Frankly