Title: Worse than Heartbleed: ‘Shellshock’ Bash bug threatens millions of computer systems worldwide
Source: [None]
URL Source: [None]
Published: Sep 26, 2014
Author: staff
Post Date: 2014-09-26 02:02:42 by Tatarewicz
Keywords: None
Views: 235
Comments: 11

RT...

A vulnerability has been discovered within the widely used Bash software included on Linux and Mac operating systems, raising concerns about an exploit that some experts say stands to be more damaging than the Heartbleed bug identified earlier this year.

Researchers revealed on Wednesday this week that a bug has been spotted in Bash — a command-line shell developed in the 1980s and common to Linux and Unix systems — the likes of which may allow attackers to target computers and, if successful, run malicious codes that could let them take control of entire servers pertaining to potentially millions of machines.

But while the so-called Heartbleed bug found in April allowed hackers to spy on vulnerable systems due to a previously undiscovered flaw in the open-source encryption software called OpenSSL, security experts say already that the Bash exploit — being referred to as “Shellshock”— is more severe because exploiting it could allow attackers to seize systems that are vulnerable by running unauthorized code that, in a worst case scenario, gives them full privileges on the plundered machine.

“The method of exploiting this issue is also far simpler,” Dan Guido, the chief executive of a cybersecurity firm Trail of Bits, told Reuters on Wednesday this week of the differences. “You can just cut and paste a line of code and get good results.”

After discovery of Shellshock was identified by researcher Stephane Chazelas on Wednesday, the United States Computer Emergency Readiness Team, or US-CERT, acknowledged the severity of the issue by releasing a statement warning that “exploitation of this vulnerability may allow a remote attacker to execute arbitrary code on an affected system.”

“In other words, it allows the user to type commands into a simple text-based window, which the operating system will then run,” security company Symantec said in a warning on Thursday.

"Using this vulnerability, attackers can potentially take over the operating system, access confidential information, make changes, et cetera," Tod Beardsley, an engineering manager at cybersecurity firm Rapid7, added to Reuters. "Anybody with systems using Bash needs to deploy the patch immediately."

On the government’s official CERT website, a statement tells visitors to read a Wednesday blog post on the website of security company Red Hat where researchers said patching the exploit was a “critical priority” and, given the “pervasive use of the Bash shell,” should be acknowledged by everyone as a serious vulnerability. Separately, the National Vulnerability Database — a group sponsored by the US Department of Homeland Security, CERT and the National Institute of Standards and Technology — gave the bug a rating of “10” in terms of severity, its highest.

Among those who say Shellshock poses a bigger risk than Heartbleed is Robert Graham, a computer expert and co-founder of Errata Security, who tweeted this week that “enough systems are vulnerable for this to be a real concern.”

“Luckily, since bash is open-source, this bug was quickly found before it became widely deployed,” Graham tweeted, but with the caveat: “This ‘bash’ bug is probably a bigger deal than Heartbleed.”

Indeed, a preliminary scan conducted by Graham this week discovered no fewer than 3,000 vulnerable systems. “Consequently,” he wrote, “…this thing is clearly wormable, and can easily worm past firewalls and infect lots of systems. One key question is whether Mac OS X and iPhone DHCP service is vulnerable — once the worm gets behind a firewall and runs a hostile DHCP server, that would ‘game over’ for large networks.”

Patches have since been released that are intended to prevent attacks from exploiting the Bash bug, but the Red Hat security blog said on Thursday that attempts to fix the glitch have so far been incomplete.

#1. To: Tatarewicz (#0)

Thanks for the heads up.

Pinguinite posted on 2014-09-26 4:31:26 ET


#2. To: Pinguinite, Tatarewicz, Lod, Jethro Tull, christine, Horse, All (#1)

More on this very serious computer virus....

Hackers are already exploiting the Shellshock bug, as we speak, because "fixes" are proving to be ineffective - they are going after the servers:

www.theglobeandmail.com/t...ffective/article20791606/

snip

Shellshock is a flaw in a ubiquitous interface that affects a wide range of computer systems and computer-driven devices.

“We have billions of devices on the Internet and we’re still going to see millions that have this problem,” Josh Bressers, a member of the security response team at the North Carolina technology firm Red Hat, said in an interview.

The bug was discovered by a French programmer who was worried that the interface was behaving in a “naive way” and was open to accepting malicious code.

“The only people who don’t have to worry about it are people who are running Windows consumers PCs or devices that are smaller than five centimetres by five centimetres,” Prof. Skillicorn said.

“Absolutely everything in between is almost certainly affected.”

This, he said, could include computers running on Linux and Mac OS X operating systems, website servers, Internet-enabled devices such as remote webcams, Wifi routers, cable modems, even Internet-enabled appliances.

Major security firms were sending out patches to remedy the problem.

scrapper2 posted on 2014-09-26 12:05:28 ET


#3. To: scrapper2, Pinguinite, Tatarewicz, Lod, christine, Horse, All (#2)

Shellshock is a flaw in a ubiquitous interface that affects a wide range of computer systems and computer-driven devices.

Can someone give me an entry level explanation on what I need to do in order to protect this Tandy PC of mine?

Jethro Tull posted on 2014-09-26 18:21:53 ET


#4. To: Jethro Tull, scrapper2, Tatarewicz, Lod, christine, Horse, All (#3)

Solid info is not around yet, but apart from completely disconnecting from the internet, there's not much most people whose PCs and such are vulnerable can actually do at this point. You are either vulnerable, or not.

If you are running Windows only, you are safe.

Linux and Apple systems are potentially vulnerable.

If you have a router and it's running "BASH" (Bourne Again SHell), which is a Linux program which accepts and processes commands, it *could* be vulnerable. BASH is the program which contains this bug. I don't know yet how you can tell if your router uses BASH.

Because BASH has been around for such a long time, many other independent devices have it incorporated. Patching them will be the biggest challenge because such devices generally are never updated.

For the most part, Linux servers, such as web servers, contain this bug and will be the first to be targeted.

If you do have a Linux system, run your update manager frequently to try to get the patch as soon as it's available.

BTW, to test your Linux system, you can open up a terminal window and paste this into it and press return:

---------------------
x='() { :;}; echo VULNERABLE' bash -c :
---------------------

If you get "VULNERABLE" printed on your screen, you have the bug. If you get something like:

---------------------
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
---------------------

Then your system is patched and you're safe.

Pinguinite posted on 2014-09-27 13:02:27 ET
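An added example, not part of the post above: the same probe wrapped in a script that runs it against every bash binary the system lists and classifies the result. The function names and verdict words are choices made for this example; it also assumes, as is the case for later bash releases that no longer import functions from ordinary variables, that a fully updated bash prints nothing at all for this probe.

```shell
#!/bin/sh
# Added example: wraps the one-line probe from post #4.
# MARKER, the function names and the verdict words are this example's own.
MARKER='VULNERABLE'

# Classify captured probe output (stdout and stderr) into one verdict word.
classify_probe_output() {
    case "$1" in
        *"$MARKER"*) echo vulnerable ;;                  # injected echo ran
        *"ignoring function definition attempt"*) echo patched-with-warning ;;
        "") echo patched-silent ;;                       # variable never parsed
        *) echo unknown ;;
    esac
}

# Run the probe against one specific bash binary.
check_bash() {
    bin=$1
    [ -x "$bin" ] || { echo not-found; return 0; }
    # env -i starts from an empty environment, so only x reaches the child.
    out=$(env -i x="() { :;}; echo $MARKER" "$bin" -c : 2>&1) || true
    classify_probe_output "$out"
}

# Every bash the system advertises: PATH lookup plus /etc/shells entries.
list_bash_binaries() {
    {
        command -v bash 2>/dev/null || true
        if [ -r /etc/shells ]; then
            grep -E '/bash$' /etc/shells || true
        fi
    } | sort -u
}

# Print "path<TAB>verdict" for each binary found.
report_all() {
    list_bash_binaries | while IFS= read -r b; do
        printf '%s\t%s\n' "$b" "$(check_bash "$b")"
    done
}

report_all
```

A verdict other than `vulnerable` speaks only to this one probe; as the thread notes, the first patches were reported incomplete, so keep applying updates.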


#5. To: Pinguinite (#4)

Thanks Neil. I got vulnerable, now I will see if they have a patch yet. Thanks again.

Americans who have no experience with, or knowledge of, tyranny believe that only terrorists will experience the unchecked power of the state. They will believe this until it happens to them, or their children, or their friends. Paul Craig Roberts

"When plunder becomes a way of life for a group of men living together in society, they create for themselves in the course of time a legal system that authorizes it and a moral code that glorifies it." Frederic Bastiat

James Deffenbach posted on 2014-09-27 15:24:04 ET


#6. To: All (#5)

Updated and now I get what you said I should when it was safe.

James Deffenbach posted on 2014-09-27 15:32:42 ET


#7. To: James Deffenbach (#6) (Edited)

What Linux are you running?

Oh.... there have been patches issued, but also warnings that they are not complete, so keep doing updates for the next week or two.

Pinguinite posted on 2014-09-27 15:53:05 ET


#8. To: Pinguinite (#7)

I use PCLOS. I usually update pretty often but this time I got a new team viewer (updated version of it anyway--I had 8 and now it's 9).

James Deffenbach posted on 2014-09-27 16:29:15 ET


#9. To: Pinguinite (#4)

Neil, would you mind if I posted this info on fb? There are probably people who post there who use Linux and Macs who don't know about this bug. I will give you credit for it under your real name or Pinguinite.

James Deffenbach posted on 2014-09-27 16:31:17 ET


#10. To: James Deffenbach (#9)

Please don't credit me at all. I'm just learning this myself from other websites. I frankly don't understand much about how bash works under the hood. But thanks for asking.

Pinguinite posted on 2014-09-28 3:16:10 ET


#11. To: Pinguinite (#10)

Thank you. It may help someone just as it did me.

James Deffenbach posted on 2014-09-28 5:25:59 ET