To many, the ins and outs of computers can be a mystery. Few know why or how a computer works the way it does; they just see the result. However, there are people out there who know how and why everything works the way it does.
Hackers are computer programmers gone rogue. To them, a computer is like a puzzle. All they need to do is find the right pieces to solve the puzzle. In this case, the pieces of the puzzle hackers look for are places of vulnerability, or bugs, in the coding of programs.
Heartbleed is one such bug discovered in February and was officially fixed in April. Simply put, Heartbleed allowed people to find random bits of information from websites like Amazon.com, which could have contained usernames, passwords and other security information like credit card numbers.
It took one year for people to discover Heartbleed, so it was easy for people to fix. However, on Sept. 12, another such bug was discovered and was named Shellshock. This bug took 30 years to discover and is currently on millions of devices around the world.
“It is much more dangerous than Heartbleed, in comparison, because Heartbleed was kind of like everybody could pan for gold and hope to find something, whereas Shellshock you have to hunt for it a little bit, but then once you have access, you have full access,” John Gillis, a computer engineering major at the University of Missouri-Columbia, said. “This bug that allows Shellshock to happen, … some sources trace it back to a version of Bash, which is the program that has the bug, back to Sept. 1989. So anything that had Bash installed on it since then has to be patched.”
Gillis said the 30-year span is the biggest threat with this bug because fixing every single device it exists on is almost near impossible. His advice is to keep everything up to date with the current version available.
“The way Shellshock works is it depends on these variables, these snippets of code that programs can pass from one to another, and the way they use this is it is the glue between one program and another,” Gillis said. “One was written this way and another was written by someone else in a different way and they need a way to talk, so they can use what are called environment variables.”
Shellshock causes these environment variables to become vulnerable. Since every Wi-Fi router uses them to communicate to each device it connects to, people should be very cautious when it comes to connecting to Wi-Fi networks that are unknown. Gillis said every router contains this bug.
“I have Malwarebytes and malware software. I also have Windows Defender, which comes with the computer,” senior Andy Kegley said. “Common sense [while using computers] is the easiest thing to use to not get viruses and things. I changed my Google password … and I think I also changed my [PlayStation Network] password, as well.”
Even though this bug is very dangerous, Gillis said it will probably not affect most people at this point.
“I think the key takeaway for consumers is don’t get terribly worried,” Gillis said. “Now that people know about it and it has been a few weeks, it is becoming less and less severe because more and more people are patching their systems.”
By Abdul-Rahman Abdul-Kafi
Hackers are computer programmers gone rogue. To them, a computer is like a puzzle. All they need to do is find the right pieces to solve the puzzle. In this case, the pieces of the puzzle hackers look for are places of vulnerability, or bugs, in the coding of programs.
Heartbleed is one such bug discovered in February and was officially fixed in April. Simply put, Heartbleed allowed people to find random bits of information from websites like Amazon.com, which could have contained usernames, passwords and other security information like credit card numbers.
It took one year for people to discover Heartbleed, so it was easy for people to fix. However, on Sept. 12, another such bug was discovered and was named Shellshock. This bug took 30 years to discover and is currently on millions of devices around the world.
“It is much more dangerous than Heartbleed, in comparison, because Heartbleed was kind of like everybody could pan for gold and hope to find something, whereas Shellshock you have to hunt for it a little bit, but then once you have access, you have full access,” John Gillis, a computer engineering major at the University of Missouri-Columbia, said. “This bug that allows Shellshock to happen, … some sources trace it back to a version of Bash, which is the program that has the bug, back to Sept. 1989. So anything that had Bash installed on it since then has to be patched.”
Gillis said the 30-year span is the biggest threat with this bug because fixing every single device it exists on is almost near impossible. His advice is to keep everything up to date with the current version available.
“The way Shellshock works is it depends on these variables, these snippets of code that programs can pass from one to another, and the way they use this is it is the glue between one program and another,” Gillis said. “One was written this way and another was written by someone else in a different way and they need a way to talk, so they can use what are called environment variables.”
Shellshock causes these environment variables to become vulnerable. Since every Wi-Fi router uses them to communicate to each device it connects to, people should be very cautious when it comes to connecting to Wi-Fi networks that are unknown. Gillis said every router contains this bug.
“I have Malwarebytes and malware software. I also have Windows Defender, which comes with the computer,” senior Andy Kegley said. “Common sense [while using computers] is the easiest thing to use to not get viruses and things. I changed my Google password … and I think I also changed my [PlayStation Network] password, as well.”
Even though this bug is very dangerous, Gillis said it will probably not affect most people at this point.
“I think the key takeaway for consumers is don’t get terribly worried,” Gillis said. “Now that people know about it and it has been a few weeks, it is becoming less and less severe because more and more people are patching their systems.”
By Abdul-Rahman Abdul-Kafi