{"version":"1.0","provider_name":"OTAVA","provider_url":"https:\/\/www.otava.com","title":"What to do about Bash bug, which could pose bigger threats than Heartbleed","type":"rich","width":600,"height":338,"html":"<blockquote class=\"wp-embedded-content\" data-secret=\"IGZIEdEPe9\"><a href=\"https:\/\/www.otava.com\/blog\/what-to-do-about-bash-bug-which-could-pose-bigger-threats-than-heartbleed\/\">What to do about Bash bug, which could pose bigger threats than Heartbleed<\/a><\/blockquote><iframe sandbox=\"allow-scripts\" security=\"restricted\" src=\"https:\/\/www.otava.com\/blog\/what-to-do-about-bash-bug-which-could-pose-bigger-threats-than-heartbleed\/embed\/#?secret=IGZIEdEPe9\" width=\"600\" height=\"338\" title=\"&#8220;What to do about Bash bug, which could pose bigger threats than Heartbleed&#8221; &#8212; OTAVA\" data-secret=\"IGZIEdEPe9\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\" class=\"wp-embedded-content\"><\/iframe><script type=\"text\/javascript\">\n\/* <![CDATA[ *\/\n\/*! This file is auto-generated *\/\n!function(d,l){\"use strict\";l.querySelector&&d.addEventListener&&\"undefined\"!=typeof URL&&(d.wp=d.wp||{},d.wp.receiveEmbedMessage||(d.wp.receiveEmbedMessage=function(e){var t=e.data;if((t||t.secret||t.message||t.value)&&!\/[^a-zA-Z0-9]\/.test(t.secret)){for(var s,r,n,a=l.querySelectorAll('iframe[data-secret=\"'+t.secret+'\"]'),o=l.querySelectorAll('blockquote[data-secret=\"'+t.secret+'\"]'),c=new RegExp(\"^https?:$\",\"i\"),i=0;i<o.length;i++)o[i].style.display=\"none\";for(i=0;i<a.length;i++)s=a[i],e.source===s.contentWindow&&(s.removeAttribute(\"style\"),\"height\"===t.message?(1e3<(r=parseInt(t.value,10))?r=1e3:~~r<200&&(r=200),s.height=r):\"link\"===t.message&&(r=new URL(s.getAttribute(\"src\")),n=new URL(t.value),c.test(n.protocol))&&n.host===r.host&&l.activeElement===s&&(d.top.location.href=t.value))}},d.addEventListener(\"message\",d.wp.receiveEmbedMessage,!1),l.addEventListener(\"DOMContentLoaded\",function(){for(var e,t,s=l.querySelectorAll(\"iframe.wp-embedded-content\"),r=0;r<s.length;r++)(t=(e=s[r]).getAttribute(\"data-secret\"))||(t=Math.random().toString(36).substring(2,12),e.src+=\"#?secret=\"+t,e.setAttribute(\"data-secret\",t)),e.contentWindow.postMessage({message:\"ready\",secret:t},\"*\")},!1)))}(window,document);\n\/\/# sourceURL=https:\/\/www.otava.com\/wp-includes\/js\/wp-embed.min.js\n\/* ]]> *\/\n<\/script>\n","description":"Cybersecurity experts are saying a bug in the widely-used command prompt software Bash could be a bigger threat to users than the Heartbleed bug that surfaced earlier this year. The vulnerability affects Unix-based operating systems, including Linux and Apple\u2019s Mac OS X. The bug \u2013 which has picked up the moniker Shellshock \u2013 allows for malicious code execution to take over an operating system and access information. Patches have been issued by many of the major Linux distribution vendors. Security expert Robert Graham, who has extensive coverage of the bug on his Errata Security blog,\u00a0 describes why it is so worrisome: The first reason is that the bug interacts with other software in unexpected ways. We know that interacting with the shell is dangerous, but we write code that does it anyway. An enormous percentage of software interacts with the shell in some fashion. Thus, we&#8217;ll never be able to catalogue all the software out there that is vulnerable to the bash\u00a0bug. This is similar to the OpenSSL bug: OpenSSL is included in a bajillion software packages, so we were never able to fully quantify exactly how much software is vulnerable. The second reason is that while the known systems..."}