oss-sec: CVE-2014-6271: remote code execution through bash.
This is serious. Bash is the default shell used by most *nix users. Lots of public web servers out there will be vulnerable if not updated. Someone could write an exploit that infects one machine and turns that machine into an agent for infecting others.
Update (2014-09-25): OK, it is happening.
Update (2014-09-26): Everything you need to know about the Shellshock Bash bug
The headlines state everything through 4.3 or in other words, about 25 years’ worth of Bash versions.
Update (2014-10-07): WinZip and possibly Yahoo have been compromised
We are likely to see more and more of such high-profile hacks, as devices become more transparent/integrated and IoT takes off. Be very afraid when your next Smart TV comes with a built-in webcam.
With more information than ever being stored and shared online and on connected devices, hacking stories are frequent and are mainstream news. This was the case yesterday as dozens of celebrities fell victim to hackers who leaked hundreds of private photographs and videos stolen from web-based storage services.
New Web Order > Nik Cubrilovic » Notes on the Celebrity Data Theft.