
Security: Bash / Shellshock Bug

The Heartbleed bug, reported in April 2014, allowed hackers to obtain sensitive user information from servers running the OpenSSL security standard due to a coding mistake. Hackers could send malicious signals to servers to obtain usernames, passwords, and other data sent between users and the server. While dangerous, Heartbleed allowed only spying on data and not direct system control. The Shellshock bug, reported in September 2014 for Unix-based systems like Linux, Android, and MacOS, exploited a vulnerability in the Bash shell command software that could allow hackers full control over entire systems, making it more dangerous than Heartbleed.

Uploaded by

Nirmalrahul_1990

HEARTBLEED BUG MECHANISM

When? Reported in April 2014

OpenSSL (Open Secure Sockets Layer) is a security standard for encrypting communications between user and server.
OpenSSL sends a signal from the user's computer to the server at regular intervals to ensure that the server is online. This mechanism is called Heartbeat.
But there was a coding mistake in it. A hacker could send a malicious heartbeat (signal) to the server, and the server would respond by sending back your username, password and other sensitive information.
Hence it is called the Heartbleed bug.
Solution: servers need to patch their OpenSSL system and users need to change their passwords.
Danger level: the Heartbleed bug is considered less dangerous than the Shellshock bug, because it allows hackers only to spy on the data transferred between user and server, not to control the user's system.
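
An added illustration, not part of the original notes, of the coding mistake described above: a heartbeat request carries its own payload-length field (RFC 6520), and the unpatched logic echoed that many bytes without comparing it to the number of bytes actually received. The `arena` buffer, the sample secret and the function names are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_HEADER  3   /* 1-byte type + 2-byte payload length (RFC 6520) */
#define HB_PADDING 16  /* minimum padding every heartbeat must carry */

/* Echo a heartbeat payload into out. rec_len is the number of bytes really
 * received. Returns bytes echoed, or -1 if the request is silently dropped.
 * check_bounds=0 models the unpatched logic, 1 the patched logic. */
static long hb_echo(const uint8_t *rec, size_t rec_len,
                    uint8_t *out, size_t out_cap, int check_bounds)
{
    if (rec_len < HB_HEADER) return -1;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];   /* sender-controlled */
    /* The fix: the claimed length must fit inside the record received. */
    if (check_bounds && HB_HEADER + claimed + HB_PADDING > rec_len) return -1;
    if (claimed > out_cap) return -1;
    memcpy(out, rec + HB_HEADER, claimed);
    return (long)claimed;
}

/* Constructed demo: arena stands in for server memory, with another user's
 * data sitting right after the received record. Returns 1 if it leaks. */
static int demo_leaks(int check_bounds)
{
    static const char secret[] = "password=hunter2";   /* constructed value */
    uint8_t arena[64] = {0}, out[64] = {0};
    size_t rec_len = HB_HEADER + 2 + HB_PADDING;       /* 2-byte payload */

    arena[0] = 1;                    /* heartbeat request */
    arena[1] = 0; arena[2] = 40;     /* claims 40 bytes, sends only 2 */
    memcpy(arena + HB_HEADER, "hi", 2);
    memcpy(arena + rec_len, secret, strlen(secret));

    if (hb_echo(arena, rec_len, out, sizeof out, check_bounds) < 0) return 0;
    return memcmp(out + rec_len - HB_HEADER, secret, strlen(secret)) == 0;
}

int main(void)
{
    printf("unpatched leaks adjacent memory: %d\n", demo_leaks(0));
    printf("patched leaks adjacent memory:   %d\n", demo_leaks(1));
    return 0;
}
```

With the bounds check enabled, the over-long request is dropped and a well-formed heartbeat is still echoed normally.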

Security: Bash / Shellshock bug

When? Reported in September 2014

Linux, Android and Mac OS are Unix-based operating systems.
Bash is shell-command software on Unix computers and servers.
Using a security vulnerability in this software, a hacker can control the entire system.
Solution: companies have released software patches, but experts believe they're incomplete.

Why is Shellshock more dangerous than Heartbleed?

It doesn't require professional hacking expertise. Even a script kiddie can copy and paste a few lines of code and hack the system via the internet.
Any internet-connected device is vulnerable, even the Linux systems used in cars, cameras, Android phones, iPhones and even the Raspberry Pi.
Using Heartbleed, a hacker could only spy on your computer but could not control your system. Shellshock permits both spying and system control. So a hacker could even commit the first online murder via the internet of everything.
