Holy cow there are a lot of .mil and .gov sites that are going to get owned by CVE-2014-6271.
— Kenn White (@kennwhite) September 24, 2014
5 months after the worst security bug in history comes what may be the worst security bug in history. I can't blame people at Microsoft if they smirk about this, because Windows is not vulnerable but Unix/Linux/MacOS is. And the bug turns out to be over 20 years old.
A quick note: if you are running Ubuntu (or other flavors of Debian Linux) you are not vulnerable. Also, this is a server-side attack, and so it won't directly impact most of you. However, Linux is embedded in a lot of devices, like your home router. These are maybe vulnerable. Stay tuned.
That said, this is about as bad as it gets for web servers:
That bash bug is bad ( https://t.co/60kPlziiVv ) Get a reverse shell on a vulnerable website http://t.co/7JDCvZVU3S by @ortegaalfredo
— Chris Williams (@diodesign) September 24, 2014
Those of you who work in IT, life is fixin' to get interesting ...