Banhammer Forums
thecomputerdude

Bing bang BASH. Unix Strikes Again!


So apparently the entire Unix/Linux world has fallen victim to a BASH/SH bug that allows an attacker to run any command they want on networked BASH-based consoles:

http://www.engadget.com/2014/09/24/bash-shell-security-flaw/

Lock up yo' chillens' and hide yo' mama, cause there's no telling how many devices/Unix variants are vulnerable. Especially your webcam.


I think it's awesome that you are aware and informing everyone :) I just want to clear up some misconceptions that are presented in your link.

ShellShock isn't worse than Heartbleed - don't believe all the hype.

http://www.infoworld.com/article/2687975/security/four-no-bull-facts-to-know-about-the-shellshock-bash-bug.html

This explains it better than I could.

Upon review of all the customers in our environment - we found a very small number to be actually vulnerable to this via CGI scripts.

As a rule, I have always recommended against running anything CGI.


Heartbleed actually wasn't that bad either...not very "infectious", if that word applies to computer malware. I suppose these bits of malware are considered dangerous because of the threat they pose POST-infection.

The Crypto-locker variants are particularly nasty though, if I say so myself. Lesson to be learned...unplug your backup drive when you aren't using it! Also...stop opening random PDF attachments.
