Queen's Gazette | Queen's University

Search form

Internet braces for Shellshock security flaw

Thursday, September 25, 2014

Queen’s University security expert is available to comment on Shellshock, a new security flaw found in Linux, a commonly used operating system. Security experts have warned that this serious flaw, in existence for about 25 years, could be about to affect many of the world’s web users. Some are saying it could be worse than Heartbleed.

“Computer systems routinely ask other systems ‘Do this for me’ but, for security reasons, the system doing the task uses its own tools,” explains Dr. Skillicorn. “This Shellshock (Bash) vulnerability is so dangerous because it allows one system to ask another ‘Do this for me and, by the way, use my hammer that I'm sending you.’ The hammer can contain any code at all, and so the asked system can be made to do the asking system's bidding.”

To arrange an interview, please contact communication officers Anne Craig at 613-533-2877 or anne.craig@queensu.ca or Rosie Hales at 613-533-6000 ext. 77513 or rosie.hales@queensu.ca at Queen’s University News and Media Services Department in Kingston, Ont., Canada.

Follow Queen’s News and Media Services on Twitter: http://twitter.com/QueensuMedia.

Attention broadcasters: Queen’s has facilities to provide broadcast quality audio and video feeds. For television interviews, we can provide a live, real-time double ender from Kingston with HD-SDI. Please call for details.

Related Experts