Bash / Shellshock The Fix And Concern

Fixing Bash

 

Well first things first .
There are many devices that utilizes bash , basically anything that uses a derivative of Linux .
Phones , cameras and WordPress and other web structures .

The determination

Hopefully you have Ben keeping your ear to the ground so you know wen and if theses vulnerabilities come to light .
If you are running an OS running terminal there is a way to determine if you are vulnerable and there are updates available .
I actually ran the test three ways .
1 ) On a machine that had Ben updated .
2 ) On a machine that hadn’t Ben updated .
The reason being was for authentication purposes and sure enough the result were tried and proven .
3 ) I ran the test on my machine after the patch to see the results ( request ignored ) .
But most obviously this is just a preliminary fix with more to come to mop up the rest of the issue .

Whats all The Concern

Manipulation for example but not limited to servers , its were we do the most handshaking and were ever your system handshakes to if a system or server is vulnerable the said code could be run and than after that further code allowing the said manipulator to change or do what they will , rendering the system and or server to there control .

Other Concerns

Flash drives there has Ben a lot of manipulation going there for a while now I am not sure if the bash code is related but its something to consider for this reason I will link you to my prier article
Flash Drive
Portable hard drives are at risk as well .
The list goes on and on .
So without further delay straight out of the archives of engadget I give the bash fix if your running an OS which uses the Linux Terminal .

http://www.engadget.com/2014/09/25/what-is-the-shellshock/

I am also including a link of vendors affected straight out of the archives of mnemonic .

http://www.mnemonic.no/en/Andre-sprak/English/Blog/Status-on-products-versus-vulnerability-in-Bash-CVE-2014-6271/

As well this nicely orchestrated video

In Conclusion

Most major businesses should have already updated there servers and its not a bad idea to check with all vender’s in order to determine wen an update becomes available for other products .
And always do your home work and keep your ear close to the ground to here the next rumbling security hack stay safe .
Have a good day riding the programmers wave of the hack , back doors baby ya got love them peace I am out .

Update For Bash

 

As I had stated previously the fixes for bash ( shellshock ) were only preliminary .
According to engadget the problem is a lot bigger than expected and an attackable code could still be written .
And to fix it totally would cause a lot of issues at this time .
So without further delay I give the not so fixed bash straight out of the archives of engadget .

http://www.engadget.com/2014/09/28/shellshock-not-really-fixed/?ncid=rss_truncated

The new Conclusion

You would think there are people scrambling trying to figure out this whole dilemma .
Sooner or later the balance will be between security and apps that will have to be rewritten .
But the question remains how would this even out , with the consumer in the purchased app area ?
Peace have a great day I am out .

Leave a comment

Your email address will not be published. Required fields are marked *


9 + = fifteen