Yahoo Claims Shellshock Bug Not the Root of Monday’s Security Breach

After Monday’s announcement that hackers had infiltrated the popular search engine site Yahoo, officials from the company said that the security breach did not involve the newly discovered bug “Shellshock,” according to The Economic Times. The company assured the public that no consumer information was at risk of being stolen.

Alex Stamos, the chief information security officer of Yahoo, informed users on Monday through the company’s Hacker News forum that three of its sports servers that provide customers with live streaming had experienced a security breach. He also stated that extensive research into the matter revealed that Shellshock played no role in the recent security breach. Stamos assured users that, at this time, no user data had been compromised and that the attack was specific to only the three servers.

Shellshock is a newly discovered bug in a piece of software known as Bash, which is commonly used on Linux and Mac computers. Bash, or Bourne Again Shell, is a program frequently used by programmers that essentially allows computer users to control their computers. Shellshock is a hole in this program that allows outside code to infiltrate and control computers from a remote location.

The new bug poses an enormous threat to millions of computer users. The flaw has been present for nearly 20 years, according to the New York Daily News, and as few as three lines of code are needed by hackers to break into the program.

“When it comes to online security, people should be treating their computers and online usage as they would treat their house: You need a sturdy, reliable lock and door,” explains Bob Goodrich, Vice President of Marketing for JSCAPE. “Users should also be using common sense when on the Internet: You’re not going to give your phone number to a stranger who shows up at your door — so too should you be cautious when asked for personal information online.”

Yahoo denies that Shellshock was responsible for Monday’s breach, despite accusations by security researcher Jonathan Hall, who discovered the security threat. On Tuesday, Hall continued to argue that the breach was the result of Shellshock, noting that he watched the events unfold.

Stamos says there was understandable confusion among the Yahoo team because hackers had tried to use the security hole to get into the system. He added that Yahoo had patched the affected servers immediately after the Shellshock vulnerability was made public. After isolating the affected servers from the network, the company traced the issue back to its roots, confirming that the cyber attack did not result from Shellshock.

The Shellshock security bug was announced last month by the U.S. Department of Homeland Security, which rated the vulnerability a 10 out of 10 on the U.S. National Vulnerability Database severity scale. Owners of Linux and Mac operating systems should exercise extreme caution and have their computers checked for vulnerability.
