↓ Advertise on Defender2 ↓

Home > Off Topic > Shellshock - computer vulnerability
Post Reply  Down to end
Page 1 of 1
Print this entire topic · 
Paddie42



Member Since: 24 Apr 2014
Location: Hamphire
Posts: 230

England 2003 Defender 110 Td5 SW Belize Green
Shellshock - computer vulnerability
There is a serious computer vulnerability that has been found which has the potential to be worse than HeartBleed. Companies seem to be working on a fix, but please be careful..

More information can be found searching for "ShellShock".

or

http://www.theregister.co.uk/2014/09/25/sh...ype_fears/

Kindest regards
Post #360286 26th Sep 2014 12:08pm
View user's profile Send private message View poster's gallery Reply with quote
gilarion



Member Since: 05 Dec 2013
Location: Wales
Posts: 5110

Wales 2007 Defender 90 Other CSW Trident Green
Seems to only affect Mac’s and those running Linux.
Advice is do not use Credit or Debit cards for online purchase. Personally the best advice is never to have large amounts of money in your credit accounts.
It appears that with each passing day the web is becoming more vulnerable to hacks and attacks.
It used to be easy, all you did was ignore an email from a South African unknown relative offering you millions for just sharing your bank account details with them now even Ebay is full of phishing scams.
Post #360292 26th Sep 2014 12:38pm
View user's profile Send private message View poster's gallery Reply with quote
X4SKP



Member Since: 29 Nov 2013
Location: Berkshire
Posts: 2295

United Kingdom 2010 Defender 90 Puma 2.4 SW Stornoway Grey
These types of attacks will be an ongoing issue…

I was once told there are two types of people,
those who have had a data loss
and those who are going to have a data loss.
Back up your data and then back up your back up’s.

Run quality internet security.

Use secure purchase options on-line.

Change your pass-words to high ranking ones.

Try to avoid…

 SKIP
https://www.defender2.net/forum/topic83242.html
Post #360309 26th Sep 2014 2:28pm
View user's profile Send private message View poster's gallery Reply with quote
leeds



Member Since: 28 Dec 2009
Location: West Yorkshire
Posts: 8581

United Kingdom 
Just run the test to see if my mac is vulnerable and sure enough it is - come on apple pull your finger out and let's have a patch please.
This is how I checked
Quote:
You can test your Mac yourself using a simple command in the Terminal application.

Testing for the Bash vulnerability

Double-click on the Utilities folder.
Double-click on Terminal.
Type (or copy and paste) the following command: env X="() { :;} ; echo vulnerable" /bin/sh -c "echo stuff"
If your Mac says "vulnerable," then the version of Bash installed on it is indeed vulnerable to the problem.

In the meantime I am having kittens, I suppose it is payback time for all the times I have felt smug about pc attacks and viruses.
Big Cry
Barbara
Post #360313 26th Sep 2014 3:30pm
View user's profile Send private message View poster's gallery Reply with quote
davew



Member Since: 02 Jan 2012
Location: North Yorkshire
Posts: 888

England 1990 Defender 90 V8 Petrol PU Auto Rioja Red
You put your Mac on the internet ? Do you run a web server on your Mac ?

Unless they have access to run Bash scripts already via a login then it's not an issue for machines that are not accessible from the outside world. Potentially the weakness could be exploited via a trojan application though so be careful what you install on the Mac or just use the security settings to block unsigned apps. Go to System Preferences -> Sharing and make sure "Remote Login" is turned off.

The main vulnerability is for web servers, particularly those that allow direct cgi execution although no doubt there will be further ways to exploit it. Potentially a php script could be used to trigger it but if they've already managed to run arbitrary php scripts then you already have issues. http://www.yorkshireoffroadclub.net/
Post #360314 26th Sep 2014 3:56pm
View user's profile Send private message View poster's gallery Reply with quote
VeeTee



Member Since: 06 Mar 2011
Location: Somewhere
Posts: 1512

Netherlands 
^ Thnx for the explanation Dave. Thumbs Up Cheers, Vincent
1959 Polynorm 1/4 Ton Trailer, Olive Drab Green (sold)
1970 M416 Military Trailer (Camping Trailer Conversion), Epsom Green (sold)
1975 Series III 88 V6, Light Green (sadly sold)
1996 Defender 110 CSW 300 Tdi, Epsom Green (sold)
2000 Freelander 1 TD4 3-drs, Silver (sold)
2006 Freelander 1 TD4 5-drs Facelift Automatic, Tonga Green (sold)

MySite
Post #360316 26th Sep 2014 4:05pm
View user's profile Send private message View poster's gallery Reply with quote
leeds



Member Since: 28 Dec 2009
Location: West Yorkshire
Posts: 8581

United Kingdom 
Thanks Dave - always the voice of reason Very Happy
Barbara
Post #360319 26th Sep 2014 4:17pm
View user's profile Send private message View poster's gallery Reply with quote
ZeDefender



Member Since: 15 Sep 2011
Location: Munich
Posts: 4731

Germany 2011 Defender 110 Puma 2.4 SW Baltic Blue
Okay - I'm vulnerable. Now what?
Doesn't seem to be much advice except "don't use credit cards etc." I don't have much option as I'm stuck in Germany Sad
p.s. still using the app Bow down Thumbs Up Tell someone you love them today because life is short.
But shout it at them in German because life is also terrifying and confusing...
Post #360352 26th Sep 2014 6:07pm
View user's profile Send private message View poster's gallery Reply with quote
scotty38



Member Since: 21 May 2011
Location: Lincolnshire
Posts: 571

England 2012 Defender 110 Puma 2.2 USW Aintree Green
Let's not forget that Linux machines are ridiculously less vulnerable than Windows machines anyway. I know which OS I prefer to run and do any sort of banking transactions on and that hasn't changed in the last few days or so.....
Post #360371 26th Sep 2014 7:09pm
View user's profile Send private message View poster's gallery Reply with quote
AndyS



Member Since: 18 Aug 2012
Location: London
Posts: 595

United Kingdom 2011 Defender 110 Puma 2.4 XS CSW Sumatra Black
It's not that hard to avoid these attacks, they require you to either click on a link to download the virus or open a file sent to you in an email. So don't visit dodgy websites, click on links emailed to you by unknown people or open files sent to you (they usually appear as a zip file in an email saying 'your invoice is attached').
Post #360394 26th Sep 2014 8:53pm
View user's profile Send private message View poster's gallery Post Reply
Post Reply  Back to top
Page 1 of 1
All times are GMT

Jump to  
Previous Topic | Next Topic >
Posting Rules
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



Site Copyright © 2006-2024 Futuranet Ltd & Martin Lewis
DEFENDER2.NET RSS Feed - All Forums