Since the announcement of the Shellshock Bash bug yesterday, there has been a lot of confusion about what it is and how it may impact people. At a high level, it impacts Bash, which is a “shell” program for systems running some flavor of Unix, such as Linux. For those who are interested in the details, please visit the links in the reference section. In this post we want to discuss how Shellshock impacts different groups and what can be done:
The Heartbleed bug has been all over the media this week. It’s generating so much buzz because of its potentially large impact. Many large websites have this vulnerability, so pretty much everyone needs to change some, if not all, of their passwords to minimize the impact.
Many websites have come out and said that they have seen no evidence of any access or data breach. However, according to Codenomicon, the organization that announced this vulnerability, an attack may not leave any trace. Therefore, consumers have been warned to change their passwords just to be on the safe side.
There are several lists (list 1 and list 2) out there that show which websites were affected, and which ones were not. I was glad to see that PayPal and my financial institutions were not impacted. However, I did see that Yahoo was affected, and likely Google (Google announced that there is no need to change the Google Account password, though many experts still recommend that you do so) as well. All internet users should check now to see if they need to change the password to any site that they log in to.
There’s a lot of discussion about the DNSChanger malware, with some articles using eye-catching headlines such as “malware may knock thousands off Internet on Monday.” I did some research on this topic, and below are the facts about this malware.
What is DNSChanger
The DNSChanger malware was created in 2007. The affected computers had their DNS settings altered so that every time the computer accessed the internet, it used the cybercriminals’ DNS server. The end result was that users would see unwanted ads and be redirected to sites that were not their intended targets.
Over the weekend, reports surfaced about a new piece of malware called Flame (some called it Flamer, and others called it Skywiper). Within a short period of time, all top antivirus vendors, for example Symantec, Kaspersky, and McAfee, published information on this malware. So far, this virus has been found to affect Windows machines, and it has been detected mostly in the Middle East.
The details of this threat, despite the scrutiny, are not 100% clear. What is known is that it is 20MB, a huge size for a threat. It’s so large because it has many different modules. The sheer size means that it will likely take antivirus vendors a long time to fully analyze Flame.