Jonathan D. Hall, former indicted hacker and president of Future South Technologies has confirmed that many major web properties have been infiltrated using the Shellshock vulnerability.
Shellshock was made public last month, and the bugs allow attackers to possibly gain unauthorized access to a computer system via an unpatched Unix Bash shell.
Reads Hall's post:
"Yahoo! Has been HACKED, and all your information with them is now in danger! All stemming from them not keeping up with technology and failing to patch a world-known vulnerability! This document is being released due to several high profile companies being infiltrated using the recent Shellshock vulnerability, and what I have deemed as an improper response, or lack thereof, to resolving the issue from certain key companies contacted, as well as the FBI. Amongst the affected companies are Yahoo! and Lycos, major players and names in the technology world. This breach affects ALL of us in one way or another, and it's crucial that this problem be resolved with haste. The FBI took the information down and went on their way. Yahoo! has not responded at all. I've attempted to email them, call them, and resorted to contacting Marissa Mayer directly via both email and Twitter, neither to which I have received a response as of yet. The ignoring of this issue is grossly negligent and even almost criminal. As such, I felt that for the safety of anyone using these services, it would be best to publicly disclose as much information as needed to get them moving and working towards resolving the issue before things get worse."
The report is very technical but worth reading. The more informed everyone is, perhaps the quicker Yahoo and others will patch their outdated systems.
Read here at Future South.
Reads Hall's post:
"Yahoo! Has been HACKED, and all your information with them is now in danger! All stemming from them not keeping up with technology and failing to patch a world-known vulnerability! This document is being released due to several high profile companies being infiltrated using the recent Shellshock vulnerability, and what I have deemed as an improper response, or lack thereof, to resolving the issue from certain key companies contacted, as well as the FBI. Amongst the affected companies are Yahoo! and Lycos, major players and names in the technology world. This breach affects ALL of us in one way or another, and it's crucial that this problem be resolved with haste. The FBI took the information down and went on their way. Yahoo! has not responded at all. I've attempted to email them, call them, and resorted to contacting Marissa Mayer directly via both email and Twitter, neither to which I have received a response as of yet. The ignoring of this issue is grossly negligent and even almost criminal. As such, I felt that for the safety of anyone using these services, it would be best to publicly disclose as much information as needed to get them moving and working towards resolving the issue before things get worse."
The report is very technical but worth reading. The more informed everyone is, perhaps the quicker Yahoo and others will patch their outdated systems.
Read here at Future South.