Inside Shellshock: How hackers are using it to exploit systems
The Shellshock bug was discovered in September 2014, causing a scramble to patch vulnerable versions of bash on computers, servers, routers, and other computing appliances. CloudFlare rolled out protection for its Pro, Business, and Enterprise customers through their Web Application Firewall (WAF), later extending it to Free plan customers as well. The Shellshock problem is an example of an arbitrary code execution (ACE) vulnerability that allows hackers to take control of another computer without requiring specialized knowledge. It has been exploited worldwide for various malicious activities, including reconnaissance, denial-of-service attacks, and taking direct control of servers.
Company
Cloudflare
Date published
Sept. 30, 2014
Author(s)
John Graham-Cumming
Word count
2240
Language
English
Hacker News points
229