Security Experts Expect ‘Shellshock’ Software Bug in Bash to Be Significant - NYTimes.com

Yikes; also see Google and Amazon Respond to Shellshock Security Flaw (WSJ)

"The bug, named “Shellshock,” drew comparisons to the Heartbleed bug that was discovered in a crucial piece of software last spring.

But Shellshock could be a bigger threat. While Heartbleed could be used to do things like steal passwords from a server, Shellshock can be used to take over the entire machine. And Heartbleed went unnoticed for two years and affected an estimated 500,000 machines, but Shellshock was not discovered for 22 years."

Security Experts Expect ‘Shellshock’ Software Bug in Bash to Be Significant - NYTimes.com