Akamai's Prolexic Security Engineering & Response Team found 4.1 million Internet-facing Universal Plug and Play devices are potentially vulnerable to being employed in this type of reflection DDoS attack.
A vulnerability in SSL 3.0 lets attackers extract session cookies and other secrets from encrypted online communications, but experts believe the seriousness is tempered by the overall difficulty in exploiting the vulnerability.
Opinions vary wildly among experts as to the potential impact of the Shellshock vulnerability. What is known—and agreed upon—at this point, is that Shellshock is a very serious vulnerability because it allows remote code execution and gives the attacker full access to the system.
The misconception that Internet privacy equals anonymity must be dispelled if cyberspace is to be a secure and safe place. At the same time, mechanisms must be incorporated to ensure that communications remain confidential and resistant to unauthorized alteration by third parties.
Does a dangerous threat lie with ISIS’s possible use of cyber weapons against American critical infrastructure, financial system or other targets? Will such attacks be attempted and do the capabilities exist within ISIS to do so?
Thanks to significant technological advances what we can do is use knowledge of the past and the present to drive a desired future outcome. That capability is extremely important for better security given today’s threat landscape and the vicious cycle defenders face.
At the end of the day, the kill switch will not only decrease the amount of people mugged for their phones because there is little net value in the device itself, but it will also provide individuals with the means to wipe the device of personal information.