Why Shellshock battle is only beginning

Fighting Hackers Leveraging the Flaws Could Go on for Years.

by: Tracy Kitten

Nearly two weeks after news of Shellshock broke, attacks that attempt to exploit Bash vulnerabilities are already grabbing headlines. But Akamai’s Michael Smith warns that the battle against Shellshock-targeting hackers may continue for years.

Millions of devices, including routers and modems, could contain Shellshock vulnerabilities. And Smith warns it’s going to take a long time to find those devices and keep them patched.

As a result, organizations must be diligent, persistent and committed to the long-term goal of mitigating the risks associated with Shellshock, Smith says during this second part of a two-part interview with Information Security Media Group. Expect to be patching and upgrading devices for many years, as new weaknesses continue to be identified or exploited, he says.

“You’ve got all of these devices, and the problem is that there isn’t really a good, centralized device management system for all of these,” Smith says. “So, I think we’ll be finding these vulnerabilities for years to come.”

continue reading »