
Title: Worse than Heartbleed: ‘Shellshock’ Bash bug threatens millions of computer systems worldwide
Source: [None]
URL Source: [None]
Published: Sep 26, 2014
Author: staff
Post Date: 2014-09-26 02:02:42 by Tatarewicz
Keywords: None
Views: 287
Comments: 11

RT...

A vulnerability has been discovered within the widely used Bash software included on Linux and Mac operating systems, raising concerns about an exploit that some experts say stands to be more damaging than the Heartbleed bug identified earlier this year.

Researchers revealed on Wednesday this week that a bug has been spotted in Bash — a command-line shell developed in the 1980s and common to Linux and Unix systems — the likes of which may allow attackers to target computers and, if successful, run malicious codes that could let them take control of entire servers pertaining to potentially millions of machines.

But while the so-called Heartbleed bug found in April allowed hackers to spy on vulnerable systems due to a previously undiscovered flaw in the open-source encryption software called OpenSSL, security experts say already that the Bash exploit — being referred to as “Shellshock”— is more severe because exploiting it could allow attackers to seize systems that are vulnerable by running unauthorized code that, in a worst case scenario, gives them full privileges on the plundered machine.

“The method of exploiting this issue is also far simpler,” Dan Guido, the chief executive of a cybersecurity firm Trail of Bits, told Reuters on Wednesday this week of the differences. “You can just cut and paste a line of code and get good results.”

After Shellshock was identified by researcher Stephane Chazelas on Wednesday, the United States Computer Emergency Readiness Team, or US-CERT, acknowledged the severity of the issue by releasing a statement warning that “exploitation of this vulnerability may allow a remote attacker to execute arbitrary code on an affected system.”

“In other words, it allows the user to type commands into a simple text-based window, which the operating system will then run,” security company Symantec said in a warning on Thursday.

"Using this vulnerability, attackers can potentially take over the operating system, access confidential information, make changes, et cetera," Tod Beardsley, an engineering manager at cybersecurity firm Rapid7, added to Reuters. "Anybody with systems using Bash needs to deploy the patch immediately."

On the government’s official CERT website, a statement tells visitors to read a Wednesday blog post on the website of security company Red Hat where researchers said patching the exploit was a “critical priority” and, given the “pervasive use of the Bash shell,” should be acknowledged by everyone as a serious vulnerability. Separately, the National Vulnerability Database — a group sponsored by the US Department of Homeland Security, CERT and the National Institute of Standards and Technology — gave the bug a rating of “10” in terms of severity, its highest.

Among those who say Shellshock poses a bigger risk than Heartbleed is Robert Graham, a computer expert and co-founder of Errata Security, who tweeted this week that “enough systems are vulnerable for this to be a real concern.”

“Luckily, since bash is open-source, this bug was quickly found before it became widely deployed,” Graham tweeted, but with the caveat: “This ‘bash’ bug is probably a bigger deal than Heartbleed.”

Indeed, a preliminary scan conducted by Graham this week discovered no fewer than 3,000 vulnerable systems. “Consequently,” he wrote, “…this thing is clearly wormable, and can easily worm past firewalls and infect lots of systems. One key question is whether Mac OS X and iPhone DHCP service is vulnerable — once the worm gets behind a firewall and runs a hostile DHCP server, that would ‘game over’ for large networks.”

Patches have since been released that are intended to prevent attacks from exploiting the Bash bug, but the Red Hat security blog said on Thursday that attempts to fix the glitch have so far been incomplete.


#1. To: Tatarewicz (#0)

Thanks for the heads up.

Pinguinite  posted on  2014-09-26   4:31:26 ET


#2. To: Pinguinite, Tatarewicz, Lod, Jethro Tull, christine, Horse, All (#1)

More on this very serious computer virus....

Hackers are already exploiting the Shellshock bug, as we speak, because "fixes" are proving to be ineffective - they are going after the servers:

www.theglobeandmail.com/t...ffective/article20791606/

snip

Shellshock is a flaw in a ubiquitous interface that affects a wide range of computer systems and computer-driven devices.

“We have billions of devices on the Internet and we’re still going to see millions that have this problem,” Josh Bressers, a member of the security response team at the North Carolina technology firm Red Hat, said in an interview.

The bug was discovered by a French programmer who was worried that the interface was behaving in a “naive way” and was open to accepting malicious code.

“The only people who don’t have to worry about it are people who are running Windows consumers PCs or devices that are smaller than five centimetres by five centimetres,” Prof. Skillicorn said.

“Absolutely everything in between is almost certainly affected.”

This, he said, could include computers running on Linux and Mac OS X operating systems, website servers, Internet-enabled devices such as remote webcams, Wifi routers, cable modems, even Internet-enabled appliances.

Major security firms were sending out patches to remedy the problem.

scrapper2  posted on  2014-09-26   12:05:28 ET


#3. To: scrapper2, Pinguinite, Tatarewicz, Lod, christine, Horse, All (#2)

Shellshock is a flaw in a ubiquitous interface that affects a wide range of computer systems and computer-driven devices.

Can someone give me an entry level explanation on what I need to do in order to protect this Tandy PC of mine?

Jethro Tull  posted on  2014-09-26   18:21:53 ET


#4. To: Jethro Tull, scrapper2, Tatarewicz, Lod, christine, Horse, All (#3)

Solid info is not around yet, but apart from completely disconnecting from the internet, there's not much most people whose PCs and such are vulnerable can actually do at this point. You are either vulnerable, or not.

If you are running Windows only, you are safe.

Linux and Apple systems are potentially vulnerable.

If you have a router and it's running "BASH" (Bourne Again SHell), which is a Linux program which accepts and processes commands, it *could* be vulnerable. BASH is the program which contains this bug. I don't know yet how you can tell if your router uses BASH.

Because BASH has been around for such a long time, many other independent devices have it incorporated. Patching them will be the biggest challenge because such devices generally are never updated.

For the most part, Linux servers, such as web servers, contain this bug and will be the first to be targeted.

If you do have a Linux system, run your update manager frequently to try to get the patch as soon as it's available.

BTW, to test your Linux system, you can open up a terminal window and paste this into it and press return:

---------------------
x='() { :;}; echo VULNERABLE' bash -c :
---------------------

If you get "VULNERABLE" printed on your screen, you have the bug. If you get something like:

---------------------
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
---------------------

Then your system is patched and you're safe.

Pinguinite  posted on  2014-09-27   13:02:27 ET
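
The check from post #4 wrapped as a reusable audit, as an added example that is not part of the original thread. It decides on the probe's standard output only, since a fixed bash may print the warning shown above or nothing at all, and it tests every copy of bash it finds rather than only the first one on the PATH. The function names and the list of install paths are assumptions.

```shell
#!/bin/sh
MARKER=VULNERABLE   # same marker string as the one-liner in post #4

# classify_probe_output STDOUT_TEXT -> "vulnerable" or "patched".
# Only the marker on stdout counts; warnings go to stderr and are ignored.
classify_probe_output() {
    case $1 in
        *"$MARKER"*) echo vulnerable ;;
        *)           echo patched ;;
    esac
}

# shellshock_status PATH -> "vulnerable", "patched" or "missing".
shellshock_status() {
    if [ ! -f "$1" ] || [ ! -x "$1" ]; then
        echo missing
        return 0
    fi
    # env -i passes only the probe variable to the bash under test.
    out=$(env -i x="() { :;}; echo $MARKER" "$1" -c : 2>/dev/null) || true
    classify_probe_output "$out"
}

# audit_bash: probe every bash listed in /etc/shells plus common install
# paths (the path list is an assumption; extend it for your systems).
# Prints one "path: status" line per binary; returns 1 if any is vulnerable.
audit_bash() {
    bad=0
    seen=""
    listed=$(grep -E '/bash$' /etc/shells 2>/dev/null || true)
    for b in $listed /bin/bash /usr/bin/bash /usr/local/bin/bash; do
        case " $seen " in *" $b "*) continue ;; esac
        seen="$seen $b"
        s=$(shellshock_status "$b")
        [ "$s" = missing ] && continue
        echo "$b: $s"
        [ "$s" = vulnerable ] && bad=1
    done
    return $bad
}

audit_bash || echo "Update bash, then run this check again."
```

A "patched" result covers only this one probe; as post #7 notes, the first patches were reported to be incomplete, so keep applying updates.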


#5. To: Pinguinite (#4)

Thanks Neil. I got vulnerable, now I will see if they have a patch yet. Thanks again.

Americans who have no experience with, or knowledge of, tyranny believe that only terrorists will experience the unchecked power of the state. They will believe this until it happens to them, or their children, or their friends. Paul Craig Roberts

"When plunder becomes a way of life for a group of men living together in society, they create for themselves in the course of time a legal system that authorizes it and a moral code that glorifies it." Frederic Bastiat

James Deffenbach  posted on  2014-09-27   15:24:04 ET


#6. To: All (#5)

Updated and now I get what you said I should when it was safe.

James Deffenbach  posted on  2014-09-27   15:32:42 ET


#7. To: James Deffenbach (#6) (Edited)

What linux are you running?

Oh.... there have been patches issued, but also warnings that they are not complete, so keep doing updates for the next week or two.

Pinguinite  posted on  2014-09-27   15:53:05 ET


#8. To: Pinguinite (#7)

I use PCLOS. I usually update pretty often but this time I got a new team viewer (updated version of it anyway--I had 8 and now it's 9).

James Deffenbach  posted on  2014-09-27   16:29:15 ET


#9. To: Pinguinite (#4)

Neil, would you mind if I posted this info on fb? There are probably people who post there who use Linux and Macs who don't know about this bug. I will give you credit for it under your real name or Pinguinite.

James Deffenbach  posted on  2014-09-27   16:31:17 ET


#10. To: James Deffenbach (#9)

Please don't credit me at all. I'm just learning this myself from other websites. I frankly don't understand much about how bash works under the hood. But thanks for asking.

Pinguinite  posted on  2014-09-28   3:16:10 ET


#11. To: Pinguinite (#10)

Thank you. It may help someone just as it did me.

James Deffenbach  posted on  2014-09-28   5:25:59 ET