A new bug has been discovered by Stephane Chazelas in the Bourne-Again Shell (BASH). For Linux and other UNIX variants the shell is fundamental to the operation of the system and for a flaw to be found in this is serious problem. We have noted that some industrious journalists are already terming the problem BASH-Bleed, supposedly in reference to the well known and recent Heartbleed vulnerability. In contrast to the Heartbleed bug, which potentially exposed sensitive data which may have lead to user accounts becoming compromised, a Shellshock attack is a direct compromise of the server and all of the data therein.
How safe is my iCloud?
With the recent compromise of celebrity accounts on Apple’s iCloud, most likely due to a vulnerability that allowed unlimited brute forcing, there is understandably some debate about how such services can be used securely. Whilst as security professionals we inevitably come back to the point that no technology will ever be 100% secure, it does appear that in this instance the attack was relatively trivial in nature. What made it so effective was that victims (and many users alike) were unfamiliar with Continue reading