The Long and Winding Road to Shellshock Recovery

  • 30 October 2014

By Richard Adhikari • LinuxInsider • ECT News Network
10/29/14 7:32 PM PT

 
 
Four days after the Shellshock vulnerability was disclosed, Incapsula's Web application firewall deflected more than 217,000 attempted exploits on more than 4,100 domains. The company recorded upwards of 1,970 attacks per hour, from more than 890 IPs around the world.
Shellshock was expected to be far worse than the Heartbleed flaw, which was expected to impact about 17 percent of the secure Web servers worldwide. That added up to about 500,000 servers.
That's because Shellshock attacks Bash, which is built into every Unix, Linux and Apple server, as well as embedded devices. Shellshock lets the hacker take over -- whereas Heartbleed did not.
Heartbleed just allowed a hacker to spy on computers, not take control of them, Kyle Kennedy, chief technology officer at Stealthbits Technologies, said at the time. Shellshock lets attackers not only control the host, but also access and make changes to everything on it.
Further, while Heartbleed required multiple requests to a server, Shellshock is activated with only one.
 