[Home]  [Headlines]  [Latest Articles]  [Latest Comments]  [Post]  [Sign-in]  [Mail]  [Setup]  [Help] 

Status: Not Logged In; Sign In

Gaetz Resigns 'Effective Immediately' After Trump AG Pick; DC In Full Blown Panic

MAHA MEME

noone2222 and John Bolton sitting in a tree K I S S I N G

Donald Trump To Help Construct The Third Temple?

"The Elites Want To ROB Us of Our SOVEREIGNTY!" | Robert F Kennedy

Take Your Money OUT of THESE Banks NOW! - Jim Rickards

Trump Taps Tulsi Gabbard As Director Of National Intelligence

DC In Full Blown Panic After Trump Picks Matt Gaetz For Attorney General

Cleveland Clinic Warns Wave of Mass Deaths Will Wipe Out Covid-Vaxxed Within ‘5 Years’

Judah-ism is as Judah-ism does

Danger ahead: November 2024, Boston Dynamics introduces a fully autonomous "Atlas" robot. Robot humanoids are here.

Trump names [Fox News host] Pete Hegseth as his Defense secretary

Lefties losing it: Trump’s YMCA dance goes viral

Elon Musk: "15 Products You'll Stop Buying After You Know What They're Made Of"

Walmart And Other Major Retailers Canceling Billions In Orders Amid Fears Of A Dark Winter Ahead

Joe and Jill Biden deliver final 'kick' against Kamala Harris on election day

Relative importance of carbon dioxide and water in the greenhouse effect: Does the tail wag the dog?

Fired FEMA Employee Speaks Out, Says It Was Not Isolated Incident: Colossal Event Of Avoidance

Judge Merchan Hands Trump Historic Victory Donald Receives Stay on Felony Conviction

PNut the Squirrel was marked for death and decapitation from the start as rabies test results are negative

Yemeni forces strike military base in Tel Aviv with hypersonic ballistic missile

SheÂ’s lying. The FEC shows the payment

Speaker Johnson Orders Entire Biden Administration to Preserve and Retain All Records and Documents

Boeing has given up on diversity.

Trump Targeting up to 100,000 Deep Staters for Absolute Exile From DC

FBI Execs Rush to Retire After Trump Victory Leaves Them Shell-Shocked.

Witness to Tragedy: Huge Financial Incentives Led Hospitals to Use COVID Treatments That Killed Patients

‘Knucklehead’: Tim Walz returns to Minnesota ‘defeated'

Study Confirms the Awesome Destructive Power of Sugar in Utero Originally published via Armageddon Prose:

Ukraine mobilizing mentally challenged and deaf people lawmaker


Science/Tech
See other Science/Tech Articles

Title: Worse than Heartbleed: ‘Shellshock’ Bash bug threatens millions of computer systems worldwide
Source: [None]
URL Source: [None]
Published: Sep 26, 2014
Author: staff
Post Date: 2014-09-26 02:02:42 by Tatarewicz
Keywords: None
Views: 234
Comments: 11

RT...

A vulnerability has been discovered within the widely used Bash software included on Linux and Mac operating systems, raising concerns about an exploit that some experts say stands to be more damaging than the Heartbleed bug identified earlier this year.

Researchers revealed on Wednesday this week that a bug has been spotted in Bash — a command-line shell developed in the 1980s and common to Linux and Unix systems — the likes of which may allow attackers to target computers and, if successful, run malicious codes that could let them take control of entire servers pertaining to potentially millions of machines.

But while the so-called Heartbleed bug found in April allowed hackers to spy on vulnerable systems due to a previously undiscovered flaw in the open-source encryption software called OpenSSL, security experts say already that the Bash exploit — being referred to as “Shellshock”— is more severe because exploiting it could allow attackers to seize systems that are vulnerable by running unauthorized code that, in a worst case scenario, gives them full privileges on the plundered machine.

"The method of exploiting this issue is also far simpler,” Dan Guido, the chief executive of a cybersecurity firm Trail of Bits, told Reuters on Wednesday this week of the differences. “You can just cut and paste a line of code and get good results.”

After discovery of Shellshock was identified by researcher Stephane Schazelas on Wednesday, the United States Computer Emergency Readiness Team, or US-CERT, acknowledged the severity of the issue by releasing a statement warning that “exploitation of this vulnerability may allow a remote attacker to execute arbitrary code on an affected system.”

Heartbleed logo

“In other words, it allows the user to type commands into a simple text-based window, which the operating system will then run,” security company Symantec said in a warning on Thursday.

"Using this vulnerability, attackers can potentially take over the operating system, access confidential information, make changes, et cetera," Tod Beardsley, an engineering manager at cybersecurity firm Rapid7, added to Reuters. "Anybody with systems using Bash needs to deploy the patch immediately."

On the government’s official CERT website, a statement tells visitors to read a Wednesday blog post on the website of security company Red Hat where researchers said patching the exploit was a “critical priority” and, given the “pervasive use of the Bash shell,” should be acknowledged by everyone as a serious vulnerability. Separately, the National Vulnerability Database — a group sponsored by the US Department of Homeland Security, CERT and the National Institute of Standards and Technology — gave the bug a rating of “10” in terms of severity, its highest.

Among those who say Shellshock poses a bigger risk than Heartbleed is Robert Graham, a computer expert at co-founder of Errata Security, who tweeted this week that “enough systems are vulnerable for this to be a real concern.”

“Luckily, since bash is open-source, this bug was quickly found before it became widely deployed,” Graham tweeted, but with the caveat: “This ‘bash’ bug is probably a bigger deal than Heartbleed.”

Indeed, a preliminary scan conducted by Graham this week discovered no fewer than 3,000 vulnerable systems. “Consequently,” he wrote, “…this thing is clearly wormable, and can easily worm past firewalls and infect lots of systems. One key question is whether Mac OS X and iPhone DHCP service is vulnerable — once the worm gets behind a firewall and runs a hostile DHCP server, that would ‘game over’ for large networks.”

Patches have since been released that are intended to prevent attacks from exploiting the Bash bug, but the Red Hat security blog said on Thursday that attempts to fix the glitch have so far been incomplete.

Post Comment   Private Reply   Ignore Thread  


TopPage UpFull ThreadPage DownBottom/Latest

#1. To: Tatarewicz (#0)

Thanks for the heads up.

Pinguinite  posted on  2014-09-26   4:31:26 ET  Reply   Trace   Private Reply  


#2. To: Pinguinite, Tatarewicz, Lod, Jethro Tull, christine, Horse, All (#1)

More on this very serious computer virus....

Hackers are already exploiting the Shellshock bug, as we speak, because "fixes" are proving to be ineffective - they are going after the servers:

www.theglobeandmail.com/t...ffective/article20791606/

snip

Shellshock is a flaw in a ubiquitous interface that affects a wide range of computer systems and computer-driven devices.

“We have billions of devices on the Internet and we’re still going to see millions that have this problem,” Josh Bressers, a member of the security response team at the North Carolina technology firm Red Hat, said in an interview.

The bug was discovered by a French programmer who was worried that the interface was behaving in a “naive way” and was open to accepting malicious code.

“The only people who don’t have to worry about it are people who are running Windows consumers PCs or devices that are smaller than five centimetres by five centimetres,” Prof. Skillicorn said.

“Absolutely everything in between is almost certainly affected.”

This, he said, could include computers running on Linux and Mac OS X operating systems, website servers, Internet-enabled devices such as remote webcams, Wifi routers, cable modems, even Internet-enabled appliances.

Major security firms were sending out patches to remedy the problem.

scrapper2  posted on  2014-09-26   12:05:28 ET  Reply   Trace   Private Reply  


#3. To: scrapper2, Pinguinite, Tatarewicz, Lod, christine, Horse, All (#2)

Shellshock is a flaw in a ubiquitous interface that affects a wide range of computer systems and computer-driven devices.

Can someone give me an entry level explanation on what I need to do in order to protect this Tandy PC of mine?

Jethro Tull  posted on  2014-09-26   18:21:53 ET  Reply   Trace   Private Reply  


#4. To: Jethro Tull, scrapper2, Tatarewicz, Lod, christine, Horse, All (#3)

Solid info is not around yet, but apart from completely disconnecting from the internet, there's not much most people who's PC's and such are vulnerable can actually do at this point. You are either vulnerable, or not.

If you are running windows only, you are safe.

Linux and Apple systems are potentially vulnerable.

If you have a router and it's running "BASH" (Bourne Again SHell), which is a linux program which accepts and processes commands, it *could* be vulnerable. BASH is the program which contains this bug. I don't know yet how you can tell if your router uses BASH.

Because BASH has been around for such a long time, many other independent devices have it incorporated. Patching them will be the biggest challenge because such devices generally are never updated.

For the most part, linux servers, such as web servers, contain this bug and are will be the first to be targeted.

If you do have a linux system, run your update manager frequently to try to get the patch as soon as it's available.

BTW, to test your linux system, you can open up a terminal window and paste this into it and press return:

---------------------
x='() { :;}; echo VULNERABLE' bash -c :
---------------------

If you get "VULNERABLE" printed on your screen, you have the bug. If you get something like:

---------------------
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
---------------------

Then your system is patched and you're safe.

Pinguinite  posted on  2014-09-27   13:02:27 ET  Reply   Trace   Private Reply  


#5. To: Pinguinite (#4)

Thanks Neil. I got vulnerable, now I will see if they have a patch yet. Thanks again.

Americans who have no experience with, or knowledge of, tyranny believe that only terrorists will experience the unchecked power of the state. They will believe this until it happens to them, or their children, or their friends. Paul Craig Roberts

"When plunder becomes a way of life for a group of men living together in society, they create for themselves in the course of time a legal system that authorizes it and a moral code that glorifies it." Frederic Bastiat

James Deffenbach  posted on  2014-09-27   15:24:04 ET  Reply   Trace   Private Reply  


#6. To: All (#5)

Updated and now I get what you said I should when it was safe.

Americans who have no experience with, or knowledge of, tyranny believe that only terrorists will experience the unchecked power of the state. They will believe this until it happens to them, or their children, or their friends. Paul Craig Roberts

"When plunder becomes a way of life for a group of men living together in society, they create for themselves in the course of time a legal system that authorizes it and a moral code that glorifies it." Frederic Bastiat

James Deffenbach  posted on  2014-09-27   15:32:42 ET  Reply   Trace   Private Reply  


#7. To: James Deffenbach (#6) (Edited)

What linux are you running?

Oh.... there have been patches issued, but also warnings that they are not complete, so keep doing updates for the next week or two.

Pinguinite  posted on  2014-09-27   15:53:05 ET  Reply   Trace   Private Reply  


#8. To: Pinguinite (#7)

I use PCLOS. I usually update pretty often but this time I got a new team viewer (updated version of it anyway--I had 8 and now it's 9).

Americans who have no experience with, or knowledge of, tyranny believe that only terrorists will experience the unchecked power of the state. They will believe this until it happens to them, or their children, or their friends. Paul Craig Roberts

"When plunder becomes a way of life for a group of men living together in society, they create for themselves in the course of time a legal system that authorizes it and a moral code that glorifies it." Frederic Bastiat

James Deffenbach  posted on  2014-09-27   16:29:15 ET  Reply   Trace   Private Reply  


#9. To: Pinguinite (#4)

Neil, would you mind if I posted this info on fb? There are probably people who post there who use Linux and Macs who don't know about this bug. I will give you credit for it under your real name or Pinguinite.

Americans who have no experience with, or knowledge of, tyranny believe that only terrorists will experience the unchecked power of the state. They will believe this until it happens to them, or their children, or their friends. Paul Craig Roberts

"When plunder becomes a way of life for a group of men living together in society, they create for themselves in the course of time a legal system that authorizes it and a moral code that glorifies it." Frederic Bastiat

James Deffenbach  posted on  2014-09-27   16:31:17 ET  Reply   Trace   Private Reply  


#10. To: James Deffenbach (#9)

Please don't credit me at all. I'm just learning this myself from other websites. I frankly don't understand much about how bash works under the hood. But thanks for asking.

Pinguinite  posted on  2014-09-28   3:16:10 ET  Reply   Trace   Private Reply  


#11. To: Pinguinite (#10)

Thank you. It may help someone just as it did me.

Americans who have no experience with, or knowledge of, tyranny believe that only terrorists will experience the unchecked power of the state. They will believe this until it happens to them, or their children, or their friends. Paul Craig Roberts

"When plunder becomes a way of life for a group of men living together in society, they create for themselves in the course of time a legal system that authorizes it and a moral code that glorifies it." Frederic Bastiat

James Deffenbach  posted on  2014-09-28   5:25:59 ET  Reply   Trace   Private Reply  


TopPage UpFull ThreadPage DownBottom/Latest


[Home]  [Headlines]  [Latest Articles]  [Latest Comments]  [Post]  [Sign-in]  [Mail]  [Setup]  [Help]