(credit: Jason Riedy / Flickr)
Forensic evidence shows signs that a Georgia election server may have been hacked ahead of the 2016 and 2018 elections by someone who exploited Shellshock, a critical flaw that gives attackers full control over vulnerable systems, a computer security expert said in a court filing on Thursday.
Shellshock came to light in September 2014 and was immediately identified as one of the most severe vulnerabilities to be disclosed in years. The reasons: it (a) was easy to exploit, (b) gave attackers the ability to remotely run commands and code of their choice, and (c) opened most Linux and Unix systems to attack. As a result, the flaw received widespread news coverage for months.
Patching on the sly
Despite the severity of the vulnerability, it remained unpatched for three months on a server operated by the Center for Election Systems at Kennesaw State University, the group that was responsible
Original URL: https://arstechnica.com/?p=1645597