Shell Shocked: Researchers discover a bug worse than Heartbleed, but will anyone care?
Researchers have discovered a major bug in Unix-based operating systems said to have worse implications than Heartbleed -- the OpenSSL bug that left two-thirds of the Internet insecure by allowing attackers "complete access" to a device.
Reuters reports that the new bug can be exploited to gain "complete control of a targeted system," and everything from many Linux distributions to Apple's desktop operating system could be affected. The vulnerability lies in the tool used to access Unix's command prompt.
The bug is called Shell Shock, and WhiteHat Security chief executive Jeremiah Grossman told Bloomberg that its ease of use and ability to spread could make it scarier than Heartbleed, which took much of the Internet by storm when it was first revealed by researchers in April.
The United States Computer Emergency Readiness Team (US-CERT) has issued a warning on its website to spread word about the bug, and it notes that some operating systems -- Debian, Ubuntu, CentOS, and Red Hat -- have already been updated with a fix for the vulnerability.
It's clear that this is a serious problem, but it's hard not to wonder if people will pay as much attention to Shell Shock as they have to Heartbleed. Its name isn't as provocative, it wasn't revealed with a well-designed website, and many people might be suffering from crisis fatigue.
Similar things have happened with the many data breaches announced over the last few years. Target's data breach was a shock. The Home Depot's was an irritation. The news that a few hundred Jimmy John's stores were compromised by an attacker barely seems newsworthy.
Forget the issues major companies have implementing basic security tools, or the ingenuity with which attackers gain access to their targets -- neither is the biggest threat to our security. Sure, they're horrifying, but they're not as scary as the idea that people just don't give a damn.