Today’s bash bug is as big a deal as Heartbleed. That’s for many reasons. The first reason is that the bug interacts with other software in unexpected ways. We know that interacting with the shell is dangerous, but we write code that does it anyway.
Google’s Security Team revealed on Tuesday that the long obsolete, but still all too used, Secure Sockets Layer (SSL) 3.0 cryptographic protocol has a major security flaw. While SSL 3.0 has been succeeded by Transport Layer Security (TLS) 1.0, TLS 1.1, and TLS 1.
The situation with the Shellshock bug is so fluid and complicated that even insiders have trouble keeping it all straight. These questions and answers may help you to understand the bug — actually “bugs” — and what you should do about them.
Users of Microsoft ’s flagship Internet browser who visited Forbes.com on the four days following Thanksgiving were open to be hacked, two cybersecurity firms said Tuesday.