Today’s bash bug is as big a deal as Heartbleed. That’s for many reasons. The first reason is that the bug interacts with other software in unexpected ways. We know that interacting with the shell is dangerous, but we write code that does it anyway.
Google’s Security Team revealed on Tuesday that the long obsolete, but still all too used, Secure Sockets Layer (SSL) 3.0 cryptographic protocol has a major security flaw. While SSL 3.0 has been succeeded by Transport Layer Security (TLS) 1.0, TLS 1.1, and TLS 1.
The situation with the Shellshock bug is so fluid and complicated that even insiders have trouble keeping it all straight. These questions and answers may help you to understand the bug — actually “bugs” — and what you should do about them.
Thank you for visiting USSPI. The U.S. Strategic Perspective Institute is an independent, non-partisan, 501(c)3 non-profit, public policy think tank devoted to helping America solve some of its toughest operational problems including jobs, international competition, healthcare, the environment, government transparency, and cybersecurity.
Please join our mailing list. If you subscribe, you will be asked to confirm your subscription. You promise to contact you only when it is important. You will be able to unsubscribe at any time.
This form will only be shown once during this session. Thanks!