Monday, September 29, 2014



[Original Article: The Queensland Times] 
 
New security flaw could affect millions of websites and take years to repair

A SECURITY flaw discovered in one of the most fundamental interfaces powering the internet has been described by researchers as 'bigger than Heartbleed', the computer bug that affected nearly every computer user earlier this year.

The 'Bash bug', also known as Shellshock, is located in the command-line shell used in many Linux and Unix operating systems, leaving websites and devices powered by these operating systems open to attack.

Like Heartbleed, Shellshock is a pervasive flaw that security researchers say will take years to fix properly. The responsibility to do so, however, rests with webmasters and systems administrators rather than average users.

Security firm Rapid7 has rated the bug as 10 out of 10 for its severity, but "low" for complexity - with hackers able to exploit it using just three lines of code.

However, unlike Heartbleed, Shellshock will not require users to rush from site to site changing their passwords, but it does give hackers another method of attack that they could potentially use to take over computers or mobile devices.

If Heartbleed's effect on users was akin to unlocking everyone's front door simultaneously, sending people scrambling back home to turn the key (i.e. change their passwords), then Shellshock is like giving thieves a new type of crowbar to break into houses with - they're just as likely to use older methods, but it's still a blow for general security.

Security researchers are especially worried about its potential - but as yet unknown - effect on Apple Mac computers, which use the Bash software that the bug exploits directly, in the form of their command-line program Terminal.

Researchers think that Shellshock could be trouble for Mac users.

Robert Graham, a security expert and CEO of Errata Security, told The Independent: "It's really important that people who maintain websites make sure their computers are patched as quickly as they can. Hackers are already going to all websites and trying out this bug."

Mr Graham added that as Shellshock affects "a common bit of code that is used all over the place" it will take a long time for experts to fix all affected systems. "Years from now we'll keep finding yet another device that's still not been patched," he said.

The severity of Shellshock has been recognized by even the US government, with the US Department of Homeland Security releasing a warning about the bug and providing patches to fix affected servers.

Despite this, security experts have said that the effect of Shellshock will be minimal. "Of the top 10 ways hackers will hack computers this year, this won't make the list," said Graham.

The bug itself was first identified by a security team at Red Hat, an American company that provides open-source software and has sponsored initiatives including the Fedora Project and the software for the One Laptop per Child initiative.

It's been estimated that the bug has been present for at least a decade and most likely longer. Writing about the flaw on his blog, security researcher Michal Zalewski commented that it wasn't unusual for Shellshock to have gone unnoticed for so long:

"My take is that it's a very unusual bug in a very obscure feature of a program that researchers don't really look at, precisely because no reasonable person would expect it to fail this way. So, life goes on."

 



