In 1987, programmer Brian J. Fox wrote one of the Internet’s most widely used tools. The software is named “Bash” (short for Bourne-Again Shell) and now appears in more than 70 percent of devices connected to the Internet, including computers, routers, servers and some mobile phones. Yesterday, security experts warned that Bash contains a software bug called “Shellshock” that could potentially be used to take over hundreds of millions of machines, including Mac computers and smartphones that run Android. Continue reading Security Experts Warn of Potentially Dangerous Shellshock Bug

More than a dozen companies have joined the Core Infrastructure Initiative to provide funding to open source projects, starting with OpenSSL. The Linux Foundation, Amazon, Cisco, Dell, Facebook, Fujitsu, Google, IBM, Intel, Microsoft, NetApp, Rackspace, Qualcomm, and VMWare have each pledged $100,000 over the next three years to pay for full-time developers, security audits, computing and testing infrastructure, and more to help financially strapped open source projects. Continue reading New Initiative Gets Companies to Fund Open Source Projects

Popular websites have been scrambling to update software and Internet users have been encouraged to change their passwords following the news of an encryption flaw known as the Heartbleed bug, which is already being categorized as one of the biggest security threats the Internet has ever experienced. The bug has affected a number of websites and services (although the extent is not clear), and may have exposed account info including passwords and credit card numbers going back two years. UPDATE: Cisco and Juniper said yesterday that some of their networking products contain the bug, which means sensitive info may have been obtained while moving across corporate networks, home networks and the Internet. Continue reading Bug Causes Scramble to Update Software and Change Passwords