Page 1 of 1
Shellshock
Posted: 25 Sep 2014, 13:24
by paint it black
http://www.bbc.co.uk/news/technology-29361794
should i be worried? I find it so hard to keep up with these things. Will windows defender cope
thanks in advance
Posted: 25 Sep 2014, 13:44
by markfiend
should i be worried?
Probably
you might need to upgrade things like router firmware...
Posted: 25 Sep 2014, 18:07
by eastmidswhizzkid
so this doesn't affect windows users? or does it if it the servers we are using are affected?
Posted: 25 Sep 2014, 18:35
by paint it black
my very limited understanding is that yes if the server is running windows you are at risk
no firmware update for my router yet #danger of PIB being involved in goth fappening remains high
Posted: 25 Sep 2014, 18:35
by Bartek
For once it's not so bad have Windows (7).
Posted: 25 Sep 2014, 18:40
by nowayjose
This bug only affects a few corner cases, where for example, a web server hands through unsanitized user-provided stuff to the environment variables of a CGI script (which is a very bad idea in the first place) and similar situations.
Windows isn't affected (unless you run something like Cygwin on it and have a scenario like the above).
Rather exaggerated in the mainstream press, as usual. The 'heartbleed' bug was much worse.
Posted: 25 Sep 2014, 19:10
by markfiend
Yeah Windows is actually safe, it's a Linux/unix exploit
The thing is, your broadband router might be vulnerable, depending on the model and network. Who knows what crappy cgi scripts get stuck on them?
Posted: 25 Sep 2014, 20:15
by Dan
Are Mac's affected? (I want to know if this is the one time windows users are able to say to a mac user "get a pc")!
Posted: 25 Sep 2014, 20:23
by lazarus corporation
Dan wrote:Are Mac's affected? (I want to know if this is the one time windows users are able to say to a mac user "get a pc")!
OSX is just a fork of the (normally free) Unix OS - people are just paying for the Apple brand name on top of free software - so yes, it affects Macs as well.
Posted: 25 Sep 2014, 20:35
by Dan
lazarus corporation wrote:so yes, it affects Macs as well.
Posted: 25 Sep 2014, 22:37
by nowayjose
lazarus corporation wrote:
OSX is just a fork of the (normally free) Unix OS - people are just paying for the Apple brand name on top of free software - so yes, it affects Macs as well.
Not quite... most of OSX is original and was developped by Apple and NeXT (Steve Jobs' previous firm before he re-joined Apple). It is however true that it sits on a substrate of free software that was taken from the BSD, Mach and Gnu projects (largely developped at US universities and paid for by the American taxpayer).
Posted: 27 Sep 2014, 12:18
by Pista
I can't help but think that these issues should be kept out of the press really.
At least until fixes/ patches are issued.
Originally the story alluded that machines "could" be compromised & now, a few days after much media coverage, machines "have" been compromised.
But I am curious to know how many would have been attacked had the bug not been plastered all over the news.
Posted: 27 Sep 2014, 12:25
by markfiend
Security through obscurity? But the problem is, you're just assuming the black hats haven't already found the bug. It was certainly the case that the Heartbleed bug was being exploited for months before any of the white hats even knew it was there.
Posted: 28 Sep 2014, 12:33
by Pista
I'm pretty sure that the black hats (or at least a few of them) have already found it.
Also pretty sure that some of them are employed by cyber security firms, but then that's my tin foil hat view.I just can't help thinking that the media coverage just brings a few more chancers to the party who just want to cause a bit of mischief.
I'm sure that if you go trawling the deep web, there are prolly thousands of these type of exploits out there that aren't reported in the press.
Posted: 28 Sep 2014, 14:14
by eastmidswhizzkid
Pista wrote:I'm pretty sure that the black hats (or at least a few of them) have already found it.
Also pretty sure that some of them are employed by cyber security firms, but then that's my tin foil hat view.
i dont know about tin-foil hats. you meet some pretty diverse and interesting people hitch-hiking;i was once picked up by a guy who just about fitted the description of a black-hat working for a cyber-security outfiit. and if half of what he told me (or alluded to) was straight up then its way beyond conspiracy theories.
Posted: 28 Sep 2014, 18:31
by Pista
*Reaches for the off button*
Posted: 29 Sep 2014, 09:08
by markfiend
Add to this the rather
mañana attitude of most system administrators, and you've got a match made in hell.
It's a wonder the Internet even works at all.
Posted: 29 Sep 2014, 10:06
by Pista
Posted: 29 Sep 2014, 13:13
by eastmidswhizzkid
you mean thats not how it works?
Posted: 29 Sep 2014, 13:29
by Pista
& if you type the word "google" into google, you'll break the internet
Posted: 29 Sep 2014, 13:31
by eastmidswhizzkid