The techno-sphere is on fire again, this time with news of a newly discovered vulnerability present in a ubiquitous component of the internet infrastructure. Just a few months ago, Heartbleed gave us all a lesson on how OpenSSL works and how to secure network communications. It also demonstrated that the infrastructure we rely on has gaping security holes. At the time, experts called Heartbleed the “worst security flaw ever.” But the industry responded and the furor died down. Now, a vulnerability in Bash dubbed Shellshock has taken Heartbleed’s place as the worst ever. We’ll leave it to others to hash out which flaw deserves the title of ‘worst.’ What matters is that our infrastructure is vulnerable and there are almost certainly other exploits that haven’t be found yet. Or they have been found and just haven’t been publicised.
This latest vulnerability is within Bash, the de facto command line shell that exists on all Unix/Linux systems.