Dangerous new bug hits most websites plus consumer electronics

Hackers are calling this dangerous security bug "worse than Heartbleed." If you remember how easily Heartbleed let hackers steal your info, then today’s news is a big concern. This time, the problem affects both the websites you may visit and the everyday electronic gear you may have.

By one estimate, nearly two-thirds of all Web servers are vulnerable to this new Bash bug. This could mean hundreds of thousands or even millions of websites are affected. The Bash bug is so scary, in fact, that the exploit even lets hackers open and close the CD drive on your computer.

The Bash bug gives hackers a wide-open backdoor into your computer that, unlike most viruses, lets them remotely execute a file. This means that they can install files without your consent. Every Apple and Linux computer in the world is, as of this moment, vulnerable to attack.

After a security expert reported the exploit yesterday, hackers leaped into action and created the "Thanks, Richard" worm. The worm is a form of malware that looks for computers that it can infect and then automatically does so.

After infecting a system, the worm automatically looks for more places to infect. While we don't yet know what software was in the worm, the sheer number of devices vulnerable to the Bash exploit is staggering.

By taking advantage of the Bash bug, hackers could infect "smart" thermostats, lightbulbs and door locks. It's a one-stop shop for becoming a villain straight out of a comic book movie.

Here's how to stay safe:

  • Avoid visiting any website that isn't updated often.
  • Don't download anything from non-secure locations for a few days. If you have to download a program, be sure to confirm its authenticity with your anti-virus program.
  • Subscribe to my newsletters to get my continued coverage of this dangerous exploit. I'll let you know when the fix is finally in.
  • Send out emails, share this post and spread the word. Keep your friends and family out of websites that could already be infected with malware.

It's frustrating that the only advice I can really give to you is "stay tuned," but we're not the soldiers in this war; we're the victims. It's a battle between server administrators and cybercriminals.

My advice to you until a fix is in? Duck for cover.

Source: The Verge
