Alert for Apple and Unix/Linux Users - Shellshock Bug

Discussion in 'Trucking Electronics, Gadgets and Software Forum' started by Dieselboss, Sep 26, 2014.

  1. Dieselboss

    Dieselboss Technology Contributor

    1,648
    1,365
    Feb 19, 2009
    DieselBoss.com
    0


    Search link ----- > Latest search results for the Shellshock bug.


    For those using anything running on Linux, Unix, or Apple OS. A new exploit with widespread possibilities was discovered in the last day called the "Shellshock" exploit. There are lots of technical details, but let me boil it down quickly:

    a) it has very widespread implications if most web server/hosting companies who run on Linux/Unix don't patch quickly. So for us who do anything financial online, look for your bank/store/etc to guide you on whether they are patched against it for the next few hours/days before logging in and exposing your financial info.

    b) Apple released a statement that "most" Macs are not vulnerable "by default." They are quickly working on an OS patch for Mac folks.

    c) Linux and Unix geeks have already created patches, so those should be available in your favorite Linux/Unix type of programmer sites now.

    d) Windows machines and web sites that run on Windows servers are not affected.
     
    mp4694330 and joseph1135 Thank this.
  3. dca

    dca Road Train Member

    6,834
    11,428
    May 31, 2011
    Earth
    0
    Thanks......
     
  4. KMG365

    KMG365 Light Load Member

    146
    249
    Aug 11, 2014
    0
    This vulnerability is largely being overblown.

    In the case of web servers running Linux/BSD, the server would first have to have the affected bash shell implemented and then have it exposed to the Internet. The bash shell (and other command shells like the Korn shell and C shell) are command line interfaces used to administer a server. The standard practice is to NOT expose administrative services like this to the Internet.

    The vulnerability also affects other devices like load balancers (used to balance traffic across multiple web servers) and firewalls, but again it would be highly unusual to find these services exposed to the Internet.

    Although this is being compared to the widely publicized "Heartbleed" vulnerability which was published earlier in the summer (which had a very real and significant impact to affected web servers and could be publicly exploited); this is different.
     
  5. Dumdriver

    Dumdriver Road Train Member

    1,525
    2,138
    Jul 8, 2014
    East Coast
    0
  6. NewbiusErectus

    NewbiusErectus Medium Load Member

    587
    621
    Jun 27, 2012
    0
    Yeah I think Apple pretty much has the shells secured out of the box, mebbe X server is opened up a bit more (if they even offer it anymore?) Linux and the BSD distros seem to have them running by default, or at least did when I was using them several years ago. But that was pretty much the whole point of using *nix at that time lol
     