After Heartbleed, another major security flaw, "Shellshock", was made public a week ago, and this vulnerability was said to be worse than Heartbleed. Shellshock is a critical, remotely exploitable vulnerability discovered in the widely used Linux and Unix command-line shell known as Bash, or the GNU Bourne Again Shell.
This vulnerability puts more than 80 percent of websites, servers, and Linux systems under threat. With so many vulnerable systems, this was a golden opportunity for hackers to get their victims.
In one such case, Romanian hackers have hacked into the Yahoo server using the Shellshock vulnerability. A report posted on security researcher Jonathan Hall's site noted that the hackers gained access to the Yahoo Game server. Jonathan also published a corresponding email, purportedly from Yahoo's in-house security team, confirming the breach.
Reports say that the hackers exploited the Shellshock vulnerability, which resides on Unix-based operating systems and can allow attackers to take total control of a system; it even allowed them to install various programs and run commands.
Jonathan wrote that he had reported the issue to Yahoo several times and also reported it to the FBI, but later he made a post on his website to get the attention of Yahoo's team. In the post, he wrote:
"This is a very serious issue and a very serious manner that needs to be addressed immediately. I've also emailed Marissa Mayer and contacted her via Twitter, both of which yielded zero results and no response. There are no publicly available contact methods for Yahoo! that have yielded any luck with trying to contact them regarding this. I also have not heard anything back on the WinZip domain, either. This is a gross negligence and complete lack of care or concern for the safety of the consumers in terms of financial information."
Later on, a representative of Yahoo's security team replied to Hall by email and confirmed the breach. The Yahoo team is internally investigating the matter to assess the damage done and any further damage to Yahoo and its users.
While this is the first attack that has come to light, it won't be the last. There are still tonnes of systems vulnerable to Heartbleed, and Shellshock has only just arrived, so we can imagine how dangerous it will be.
Major Linux distribution vendors have patched the vulnerability and released new Bash versions, so we recommend that our readers and all server and web admins patch the vulnerability immediately. Website owners are also advised to contact their server admin or hosting provider to patch the issue.