[Home]  [Headlines]  [Latest Articles]  [Latest Comments]  [Post]  [Sign-in]  [Mail]  [Setup]  [Help] 

Status: Not Logged In; Sign In

GOD BLESS THE USA - TRUMP MUSIC VIDEO

10 Things You MISSED About Trump's Assassin

In "Major Policy Shift" Biden Authorizes Ukraine's Use Of US Missiles To Hit Targets Inside Russia

MSG ERUPTS Into USA Chants As Trump PULLS UP With Elon Musk And THE AVENGERS To UFC 309!

Preschool teacher-turned-soldier brings down Russian missile with Igla system

Sunday Morning Futures With Maria Bartiromo 11/17/24 | BREAKING FOX NEWS November 17, 2024

Sadhguru's Message to America After Donald Trump's Election Victory

U.S. states are passing internet age verification laws as a cover to compel people into using digital IDs

US Train trackss creak with ago se we build a new line in Peru!!

EVIDENCE OF A ZIONIST MAFIA ₪ HOW ISRAEL CONTROLS THE US AND GLOBAL POLITICS

Women Have Been RADICALIZED, Men HAVE NOT, Data Proves Women Are Becoming MORE EXTREME Politically

Democrat Congressman Dan Goldman Has Worst Case of TDS Yet?

It Is Called 18 U.S.Code 242

Boebert Asks Witnesses If DoD Is Creating ‘Hybrids’ Of Human & Non-Human Genetics

IRAN EXPANDS "NOTAM" TO FOUR ADDITIONAL ZONES - Retaliation Against Israel?

East Coast's Largest Grocer Hit by Cyber Attack: Ahold Delhaize Operations Halted

Sen. Mike Lee Has an Excellent Idea to Stop Democrat Bob Casey From Stealing Pennsylvania’s Senate Race

Left-wing dark money network hauled in more than $1.3B in anonymous donations for liberal causes in 2023

Kennedy to use DOJ investigate and punish collusion between Big Pharma and medical boards /medical journals

Bessent Vs. Lutnick: Musk & RFK Push For Pro-Crypto Treasury Secretary While Bass Backs Rumored Favorite

CNN’s Dana Bash slams anti-Israel protester who confronted her at synagogue: ‘No shame, no decency, and no clue’

Biden's Cabinet Nominees Were Completely Unqualified Compared To Trump's

Elon Musk's X Corp. files notice in Alex Jones' Infowars bankruptcy case

Pilot Fired by Biden. Hired ny Trump.

Blacks have to be defined more than as victims of oppression

No, We Will Not Honor Your Delusions! – Young Conservative

Israeli Troops Reach Deepest Point In Lebanon Since Ground Op Began

Elon Musk Met With Iran's UN Ambassador

Schumer Moves to Silence Criticism of Israel as Hate Speech With 'Antisemitism Awareness Act'

Historic English town that inspired Charles Dickens’ best stories


Science/Tech
See other Science/Tech Articles

Title: Worse than Heartbleed: ‘Shellshock’ Bash bug threatens millions of computer systems worldwide
Source: [None]
URL Source: [None]
Published: Sep 26, 2014
Author: staff
Post Date: 2014-09-26 02:02:42 by Tatarewicz
Keywords: None
Views: 268
Comments: 11

RT...

A vulnerability has been discovered within the widely used Bash software included on Linux and Mac operating systems, raising concerns about an exploit that some experts say stands to be more damaging than the Heartbleed bug identified earlier this year.

Researchers revealed on Wednesday this week that a bug has been spotted in Bash — a command-line shell developed in the 1980s and common to Linux and Unix systems — the likes of which may allow attackers to target computers and, if successful, run malicious codes that could let them take control of entire servers pertaining to potentially millions of machines.

But while the so-called Heartbleed bug found in April allowed hackers to spy on vulnerable systems due to a previously undiscovered flaw in the open-source encryption software called OpenSSL, security experts say already that the Bash exploit — being referred to as “Shellshock”— is more severe because exploiting it could allow attackers to seize systems that are vulnerable by running unauthorized code that, in a worst case scenario, gives them full privileges on the plundered machine.

"The method of exploiting this issue is also far simpler,” Dan Guido, the chief executive of a cybersecurity firm Trail of Bits, told Reuters on Wednesday this week of the differences. “You can just cut and paste a line of code and get good results.”

After discovery of Shellshock was identified by researcher Stephane Schazelas on Wednesday, the United States Computer Emergency Readiness Team, or US-CERT, acknowledged the severity of the issue by releasing a statement warning that “exploitation of this vulnerability may allow a remote attacker to execute arbitrary code on an affected system.”

Heartbleed logo

“In other words, it allows the user to type commands into a simple text-based window, which the operating system will then run,” security company Symantec said in a warning on Thursday.

"Using this vulnerability, attackers can potentially take over the operating system, access confidential information, make changes, et cetera," Tod Beardsley, an engineering manager at cybersecurity firm Rapid7, added to Reuters. "Anybody with systems using Bash needs to deploy the patch immediately."

On the government’s official CERT website, a statement tells visitors to read a Wednesday blog post on the website of security company Red Hat where researchers said patching the exploit was a “critical priority” and, given the “pervasive use of the Bash shell,” should be acknowledged by everyone as a serious vulnerability. Separately, the National Vulnerability Database — a group sponsored by the US Department of Homeland Security, CERT and the National Institute of Standards and Technology — gave the bug a rating of “10” in terms of severity, its highest.

Among those who say Shellshock poses a bigger risk than Heartbleed is Robert Graham, a computer expert at co-founder of Errata Security, who tweeted this week that “enough systems are vulnerable for this to be a real concern.”

“Luckily, since bash is open-source, this bug was quickly found before it became widely deployed,” Graham tweeted, but with the caveat: “This ‘bash’ bug is probably a bigger deal than Heartbleed.”

Indeed, a preliminary scan conducted by Graham this week discovered no fewer than 3,000 vulnerable systems. “Consequently,” he wrote, “…this thing is clearly wormable, and can easily worm past firewalls and infect lots of systems. One key question is whether Mac OS X and iPhone DHCP service is vulnerable — once the worm gets behind a firewall and runs a hostile DHCP server, that would ‘game over’ for large networks.”

Patches have since been released that are intended to prevent attacks from exploiting the Bash bug, but the Red Hat security blog said on Thursday that attempts to fix the glitch have so far been incomplete.

Post Comment   Private Reply   Ignore Thread  


TopPage UpFull ThreadPage DownBottom/Latest

#1. To: Tatarewicz (#0)

Thanks for the heads up.

Pinguinite  posted on  2014-09-26   4:31:26 ET  Reply   Trace   Private Reply  


#2. To: Pinguinite, Tatarewicz, Lod, Jethro Tull, christine, Horse, All (#1)

More on this very serious computer virus....

Hackers are already exploiting the Shellshock bug, as we speak, because "fixes" are proving to be ineffective - they are going after the servers:

www.theglobeandmail.com/t...ffective/article20791606/

snip

Shellshock is a flaw in a ubiquitous interface that affects a wide range of computer systems and computer-driven devices.

“We have billions of devices on the Internet and we’re still going to see millions that have this problem,” Josh Bressers, a member of the security response team at the North Carolina technology firm Red Hat, said in an interview.

The bug was discovered by a French programmer who was worried that the interface was behaving in a “naive way” and was open to accepting malicious code.

“The only people who don’t have to worry about it are people who are running Windows consumers PCs or devices that are smaller than five centimetres by five centimetres,” Prof. Skillicorn said.

“Absolutely everything in between is almost certainly affected.”

This, he said, could include computers running on Linux and Mac OS X operating systems, website servers, Internet-enabled devices such as remote webcams, Wifi routers, cable modems, even Internet-enabled appliances.

Major security firms were sending out patches to remedy the problem.

scrapper2  posted on  2014-09-26   12:05:28 ET  Reply   Trace   Private Reply  


#3. To: scrapper2, Pinguinite, Tatarewicz, Lod, christine, Horse, All (#2)

Shellshock is a flaw in a ubiquitous interface that affects a wide range of computer systems and computer-driven devices.

Can someone give me an entry level explanation on what I need to do in order to protect this Tandy PC of mine?

Jethro Tull  posted on  2014-09-26   18:21:53 ET  Reply   Trace   Private Reply  


#4. To: Jethro Tull, scrapper2, Tatarewicz, Lod, christine, Horse, All (#3)

Solid info is not around yet, but apart from completely disconnecting from the internet, there's not much most people who's PC's and such are vulnerable can actually do at this point. You are either vulnerable, or not.

If you are running windows only, you are safe.

Linux and Apple systems are potentially vulnerable.

If you have a router and it's running "BASH" (Bourne Again SHell), which is a linux program which accepts and processes commands, it *could* be vulnerable. BASH is the program which contains this bug. I don't know yet how you can tell if your router uses BASH.

Because BASH has been around for such a long time, many other independent devices have it incorporated. Patching them will be the biggest challenge because such devices generally are never updated.

For the most part, linux servers, such as web servers, contain this bug and are will be the first to be targeted.

If you do have a linux system, run your update manager frequently to try to get the patch as soon as it's available.

BTW, to test your linux system, you can open up a terminal window and paste this into it and press return:

---------------------
x='() { :;}; echo VULNERABLE' bash -c :
---------------------

If you get "VULNERABLE" printed on your screen, you have the bug. If you get something like:

---------------------
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
---------------------

Then your system is patched and you're safe.

Pinguinite  posted on  2014-09-27   13:02:27 ET  Reply   Trace   Private Reply  


#5. To: Pinguinite (#4)

Thanks Neil. I got vulnerable, now I will see if they have a patch yet. Thanks again.

Americans who have no experience with, or knowledge of, tyranny believe that only terrorists will experience the unchecked power of the state. They will believe this until it happens to them, or their children, or their friends. Paul Craig Roberts

"When plunder becomes a way of life for a group of men living together in society, they create for themselves in the course of time a legal system that authorizes it and a moral code that glorifies it." Frederic Bastiat

James Deffenbach  posted on  2014-09-27   15:24:04 ET  Reply   Trace   Private Reply  


#6. To: All (#5)

Updated and now I get what you said I should when it was safe.

Americans who have no experience with, or knowledge of, tyranny believe that only terrorists will experience the unchecked power of the state. They will believe this until it happens to them, or their children, or their friends. Paul Craig Roberts

"When plunder becomes a way of life for a group of men living together in society, they create for themselves in the course of time a legal system that authorizes it and a moral code that glorifies it." Frederic Bastiat

James Deffenbach  posted on  2014-09-27   15:32:42 ET  Reply   Trace   Private Reply  


#7. To: James Deffenbach (#6) (Edited)

What linux are you running?

Oh.... there have been patches issued, but also warnings that they are not complete, so keep doing updates for the next week or two.

Pinguinite  posted on  2014-09-27   15:53:05 ET  Reply   Trace   Private Reply  


#8. To: Pinguinite (#7)

I use PCLOS. I usually update pretty often but this time I got a new team viewer (updated version of it anyway--I had 8 and now it's 9).

Americans who have no experience with, or knowledge of, tyranny believe that only terrorists will experience the unchecked power of the state. They will believe this until it happens to them, or their children, or their friends. Paul Craig Roberts

"When plunder becomes a way of life for a group of men living together in society, they create for themselves in the course of time a legal system that authorizes it and a moral code that glorifies it." Frederic Bastiat

James Deffenbach  posted on  2014-09-27   16:29:15 ET  Reply   Trace   Private Reply  


#9. To: Pinguinite (#4)

Neil, would you mind if I posted this info on fb? There are probably people who post there who use Linux and Macs who don't know about this bug. I will give you credit for it under your real name or Pinguinite.

Americans who have no experience with, or knowledge of, tyranny believe that only terrorists will experience the unchecked power of the state. They will believe this until it happens to them, or their children, or their friends. Paul Craig Roberts

"When plunder becomes a way of life for a group of men living together in society, they create for themselves in the course of time a legal system that authorizes it and a moral code that glorifies it." Frederic Bastiat

James Deffenbach  posted on  2014-09-27   16:31:17 ET  Reply   Trace   Private Reply  


#10. To: James Deffenbach (#9)

Please don't credit me at all. I'm just learning this myself from other websites. I frankly don't understand much about how bash works under the hood. But thanks for asking.

Pinguinite  posted on  2014-09-28   3:16:10 ET  Reply   Trace   Private Reply  


#11. To: Pinguinite (#10)

Thank you. It may help someone just as it did me.

Americans who have no experience with, or knowledge of, tyranny believe that only terrorists will experience the unchecked power of the state. They will believe this until it happens to them, or their children, or their friends. Paul Craig Roberts

"When plunder becomes a way of life for a group of men living together in society, they create for themselves in the course of time a legal system that authorizes it and a moral code that glorifies it." Frederic Bastiat

James Deffenbach  posted on  2014-09-28   5:25:59 ET  Reply   Trace   Private Reply  


TopPage UpFull ThreadPage DownBottom/Latest


[Home]  [Headlines]  [Latest Articles]  [Latest Comments]  [Post]  [Sign-in]  [Mail]  [Setup]  [Help]