Shellshock: Panic at 'worst ever computer bug' sees governments race to protect critical infrastructure
Consumers urged not to use credit cards online as cybersecurity experts say bug carries 'highest possible threat ratings'
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.A computer bug which could allow hackers to take control of hundreds of millions of devices all over the world has been discovered, forcing governments to take immediate steps to protect their critical infrastructure.
The security flaw, dubbed “Shellshock”, was found inside a piece of software called Bash, which is used by Apple’s Mac operating system as well as Linux systems and internet servers relied upon by governments, banks and the military.
Last night, cyber-security experts suggested that people should stop using their credit cards for online purchases until a solution to the bug, which has existed for more than 20 years, is found and distributed.
Professor Alan Woodward, a security researcher from the University of Surrey, said more than 500 million websites and hundreds of millions of devices all over the world, including wi-fi routers, may be vulnerable to the Shellshock bug. “The thing that’s concerning me most is that we don’t yet really understand how it can be exploited,” he said.
“It’s very difficult to say exactly what platforms might be vulnerable and might have been targeted, but I would recommend that you do not actively use your credit card or share a lot of sensitive information for the next couple of days, until security researchers have been able to find out more information about this situation.”
Shellshock was initially compared to the “Heartbleed” bug reported in April, a web encryption flaw which went unnoticed for more than two years and could have given hackers access to an unlimited array of customers’ secure data.
But Kasper Lindegaard, director of research at computer security firm Secunia, said the bug inside Bash was far more dangerous. “Heartbleed only enabled hackers to extract information. Bash enables hackers to execute commands to take over your servers and systems. We have only seen the tip of the iceberg so far,” he said.
A spokesperson for the Cabinet Office said the Government’s computer security advisers were attempting to tackle the problem.
“Cert-UK is working with partners and industry to ensure that organisations are able to patch their systems as soon as possible. Government is also working to ensure that its own systems are secure,” they said.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments