Faith in Internet voting? Prepare for “ShellShock”!

New York Times: Security Experts Expect ‘Shellshock’ Software Bug in Bash to Be Significant <read>

Continuing with facts to put in front of those with blind faith in the Interned, a disease that attacks those with little knowledge of computers, data communications, and software.

From the article:

On Thursday, security experts warned that Bash contained a particularly alarming software bug that could be used to take control of hundreds of millions of machines around the world, potentially including Macintosh computers and smartphones that use the Android operating system.

The bug, named “Shellshock,” drew comparisons to the Heartbleed bug that was discovered in a crucial piece of software last spring.

But Shellshock could be a bigger threat. While Heartbleed could be used to do things like steal passwords from a server, Shellshock can be used to take over the entire machine. And Heartbleed went unnoticed for two years and affected an estimated 500,000 machines, but Shellshock was not discovered for 22 years.

That a flawed piece of code could go unnoticed for more than two decades could be surprising to many. But not to programmers.

A bit of good news, followed by more bad news:

Working with Mr. Ramey and people who work on open-source security, Mr. Chazelas had a patch within hours. Then they contacted major software makers while trying to avoid tipping off hackers.

An official alert from the National Institute of Standards and Technology warned that the vulnerability was a 10 out of 10, in terms of its severity, impact and exploitability, but low in terms of its complexity, meaning that it could be easily used by hackers.

Security researchers say that as soon as the bug was reported they detected widespread Internet scanning by so-called white hat hackers — most likely security researchers — as well as people thought to be cybercriminals. The worry is that it is only a matter of time before somebody writes a program that will use Shellshock to take them over.

That a flawed piece of code could go unnoticed for more than two decades could be surprising to many. But not to programmers…

“I don’t think this is an open-source problem,” Mr. Zemlin said. “Software is eating the world. The bad news is software is hard and complex.”

So to those who trust software, without knowledge, and lots of faith, please don’t apply your blind faith to elections effecting our democracy.


Leave a Reply

You must be logged in to post a comment.