Usually do not get warnings for Linux and Mac.
http://www.bbc.co.uk/news/technology-29361794
tut
Exaggeration or dangerous?
Re: Exaggeration or dangerous?
CESG have rated this as high as HeartBleed in severity.
Re: Exaggeration or dangerous?
In fact both use bash so in a sense both are vulnerable (as would be a Windows machine running bash, though these are few and far between I suspect).
It's pretty technical and all of the exploits I have seen discussed rely on compromising a web server that uses bash to implement CGI scripts, a somewhat outmoded technique and anyone still doing it would surely be running inside some form of sandbox (if you run Apache web server as super user and allow CGI scripts access to your root filesystem, you will get everything you deserve).
Systems that use bash are not inherently vulnerable - so just 'cos your MacBook has bash (which it does) does not mean it's vulnerable - there is no network access to your MacBook, and if there was, it would be protected by ssh, etc., etc., etc. You can exercise the vulnerability, if you want, just to prove to yourself that it exists ... let me know if you want to know how.
So it's a real issue but not one I would spend a lot of time worrying about unless I was running a server farm.
Cheers,
Robin
I is in your loomz nibblin ur wirez
#bemoretut
Re: Exaggeration or dangerous?
I suspected that it would not be aimed at the average plug and play home user, but internet fraud, stolen identity, credit card and bank account accessing, all seem to be getting more prevalent with more people going electronic with no idea of how vulnerable they can be leaving themselves.
Hard to sympathise at times when they pass all their CC and bank details to someone who rings them up and asks for them. And look at the profit you can make buying plots of land in the Rain Forest, or shares in a new diamond mine in Olongapo.
tut
Re: Exaggeration or dangerous?
Damn, I missed out on the Olongapo diamond mine ... did you manage to get some? Want to sell?
Cheers,
Robin
I is in your loomz nibblin ur wirez
#bemoretut
Re: Exaggeration or dangerous?
Fcuk off, they will be worth a fortune. I was in Olongapo in 1967 on one of the biggest combined Forces Exercises ever carried out.
Main Street was bar, brothel, restaurant, Americans scored three dead from bar fights where they think that they can take on anybody, we lost one RM but took out five in return, great times.
tut