Security Experts Expect ‘Shellshock’ Software Bug in Bash to Be Significant

Summary

• Shellshock can be used to take over the entire machine.
  • potentially including (something on top of the older work like UNIX or from Open Source Community.)
    • Macintosh computers
    • smartphones
      • the Android operating system.
• Shellshock was not discovered for 22 years. (from 1992 until 2014.)
• Mr. Ramey
  • has maintained the software as an unpaid hobby. (from 1992.)
  • inadvertently introduced Shellshock in a new Bash feature in 1992,
  • was not keeping comprehensive logs.
• Mr. Fox
  • the Bash inventor
  • joked that his first reaction to the Shellshock discovery was, “Aha, my plan worked.”
• Jim Zemlin
  • the executive director of the Linux Foundation
  • “Software is eating the world. The bad news is software is hard and complex.”
• Steven M. Bellovin
  • a computer science professor at Columbia University
  • “Quality takes work, design, review and testing and those are not nearly as much fun as coding,”
  • “If the open-source community does not develop those skills, it’s going to fall further behind in the quality race.”