Shellshock

paint it black · 25 Sep 2014, 13:24

http://www.bbc.co.uk/news/technology-29361794

should i be worried? I find it so hard to keep up with these things. Will windows defender cope

thanks in advance

25 Sep 2014, 13:44

should i be worried?

Probably

you might need to upgrade things like router firmware...

eastmidswhizzkid · 25 Sep 2014, 18:07

so this doesn't affect windows users? or does it if it the servers we are using are affected?

paint it black · 25 Sep 2014, 18:35

my very limited understanding is that yes if the server is running windows you are at risk

no firmware update for my router yet #danger of PIB being involved in goth fappening remains high

Bartek · 25 Sep 2014, 18:35

For once it's not so bad have Windows (7).

nowayjose · 25 Sep 2014, 18:40

This bug only affects a few corner cases, where for example, a web server hands through unsanitized user-provided stuff to the environment variables of a CGI script (which is a very bad idea in the first place) and similar situations.

Windows isn't affected (unless you run something like Cygwin on it and have a scenario like the above).

Rather exaggerated in the mainstream press, as usual. The 'heartbleed' bug was much worse.

25 Sep 2014, 19:10

Yeah Windows is actually safe, it's a Linux/unix exploit

The thing is, your broadband router might be vulnerable, depending on the model and network. Who knows what crappy cgi scripts get stuck on them?

Dan · 25 Sep 2014, 20:15

Are Mac's affected? (I want to know if this is the one time windows users are able to say to a mac user "get a pc")!

lazarus corporation · 25 Sep 2014, 20:23

Dan wrote:Are Mac's affected? (I want to know if this is the one time windows users are able to say to a mac user "get a pc")!

OSX is just a fork of the (normally free) Unix OS - people are just paying for the Apple brand name on top of free software - so yes, it affects Macs as well.

Dan · 25 Sep 2014, 20:35

lazarus corporation wrote:so yes, it affects Macs as well.

nowayjose · 25 Sep 2014, 22:37

lazarus corporation wrote: OSX is just a fork of the (normally free) Unix OS - people are just paying for the Apple brand name on top of free software - so yes, it affects Macs as well.

Not quite... most of OSX is original and was developped by Apple and NeXT (Steve Jobs' previous firm before he re-joined Apple). It is however true that it sits on a substrate of free software that was taken from the BSD, Mach and Gnu projects (largely developped at US universities and paid for by the American taxpayer).

27 Sep 2014, 12:18

I can't help but think that these issues should be kept out of the press really.
At least until fixes/ patches are issued.
Originally the story alluded that machines "could" be compromised & now, a few days after much media coverage, machines "have" been compromised.
But I am curious to know how many would have been attacked had the bug not been plastered all over the news.

27 Sep 2014, 12:25

Security through obscurity? But the problem is, you're just assuming the black hats haven't already found the bug. It was certainly the case that the Heartbleed bug was being exploited for months before any of the white hats even knew it was there.

28 Sep 2014, 12:33

I'm pretty sure that the black hats (or at least a few of them) have already found it.
Also pretty sure that some of them are employed by cyber security firms, but then that's my tin foil hat view.I just can't help thinking that the media coverage just brings a few more chancers to the party who just want to cause a bit of mischief.
I'm sure that if you go trawling the deep web, there are prolly thousands of these type of exploits out there that aren't reported in the press.

eastmidswhizzkid · 28 Sep 2014, 14:14

Pista wrote:I'm pretty sure that the black hats (or at least a few of them) have already found it.
Also pretty sure that some of them are employed by cyber security firms, but then that's my tin foil hat view.

i dont know about tin-foil hats. you meet some pretty diverse and interesting people hitch-hiking;i was once picked up by a guy who just about fitted the description of a black-hat working for a cyber-security outfiit. and if half of what he told me (or alluded to) was straight up then its way beyond conspiracy theories.

28 Sep 2014, 18:31

*Reaches for the off button*

29 Sep 2014, 09:08

Add to this the rather maÃ±ana attitude of most system administrators, and you've got a match made in hell.

It's a wonder the Internet even works at all.

29 Sep 2014, 10:06

Obligatory

eastmidswhizzkid · 29 Sep 2014, 13:13

Pista wrote:Obligatory

you mean thats not how it works?

29 Sep 2014, 13:29

& if you type the word "google" into google, you'll break the internet

eastmidswhizzkid · 29 Sep 2014, 13:31