DEFENDER2.NET - View topic - Shellshock

↓ Advertise on Defender2 ↓

Home · FAQ · New Posts · My Posts · PMs · Search · Members · Map · Calendar · Profile · Donate · Register · Log In

Home > Off Topic > Shellshock - computer vulnerability

Page 1 of 1

Print this entire topic ·

Paddie42

Member Since: 24 Apr 2014
Location: Hamphire
Posts: 230

Shellshock - computer vulnerability

There is a serious computer vulnerability that has been found which has the potential to be worse than HeartBleed. Companies seem to be working on a fix, but please be careful..

More information can be found searching for "ShellShock".

or

http://www.theregister.co.uk/2014/09/25/sh...ype_fears/

Kindest regards

26th Sep 2014 1:08pm

gilarion

Member Since: 05 Dec 2013
Location: Wales
Posts: 5084

2007 Defender 90 Other CSW Trident Green

Seems to only affect Mac’s and those running Linux.
Advice is do not use Credit or Debit cards for online purchase. Personally the best advice is never to have large amounts of money in your credit accounts.
It appears that with each passing day the web is becoming more vulnerable to hacks and attacks.
It used to be easy, all you did was ignore an email from a South African unknown relative offering you millions for just sharing your bank account details with them now even Ebay is full of phishing scams.

26th Sep 2014 1:38pm

X4SKP

Member Since: 29 Nov 2013
Location: Berkshire
Posts: 2289

2010 Defender 90 Puma 2.4 SW Stornoway Grey

These types of attacks will be an ongoing issue…

I was once told there are two types of people,
those who have had a data loss
and those who are going to have a data loss.
Back up your data and then back up your back up’s.

Run quality internet security.

Use secure purchase options on-line.

Change your pass-words to high ranking ones.

Try to avoid…

SKIP
https://www.defender2.net/forum/topic83242.html

26th Sep 2014 3:28pm

leeds

Member Since: 28 Dec 2009
Location: West Yorkshire
Posts: 8578

Just run the test to see if my mac is vulnerable and sure enough it is - come on apple pull your finger out and let's have a patch please.
This is how I checked

Quote:
You can test your Mac yourself using a simple command in the Terminal application.

Testing for the Bash vulnerability

Double-click on the Utilities folder.
Double-click on Terminal.
Type (or copy and paste) the following command: env X="() { :;} ; echo vulnerable" /bin/sh -c "echo stuff"
If your Mac says "vulnerable," then the version of Bash installed on it is indeed vulnerable to the problem.

In the meantime I am having kittens, I suppose it is payback time for all the times I have felt smug about pc attacks and viruses.

Barbara

26th Sep 2014 4:30pm

davew

Member Since: 02 Jan 2012
Location: North Yorkshire
Posts: 888

1990 Defender 90 V8 Petrol PU Auto Rioja Red

You put your Mac on the internet ? Do you run a web server on your Mac ?

Unless they have access to run Bash scripts already via a login then it's not an issue for machines that are not accessible from the outside world. Potentially the weakness could be exploited via a trojan application though so be careful what you install on the Mac or just use the security settings to block unsigned apps. Go to System Preferences -> Sharing and make sure "Remote Login" is turned off.

The main vulnerability is for web servers, particularly those that allow direct cgi execution although no doubt there will be further ways to exploit it. Potentially a php script could be used to trigger it but if they've already managed to run arbitrary php scripts then you already have issues. http://www.yorkshireoffroadclub.net/

26th Sep 2014 4:56pm

VeeTee

Member Since: 06 Mar 2011
Location: Somewhere
Posts: 1512

^ Thnx for the explanation Dave.

Cheers, Vincent
1959 Polynorm 1/4 Ton Trailer, Olive Drab Green (sold)
1970 M416 Military Trailer (Camping Trailer Conversion), Epsom Green (sold)
1975 Series III 88 V6, Light Green (sadly sold)
1996 Defender 110 CSW 300 Tdi, Epsom Green (sold)
2000 Freelander 1 TD4 3-drs, Silver (sold)
2006 Freelander 1 TD4 5-drs Facelift Automatic, Tonga Green (sold)

MySite

26th Sep 2014 5:05pm

leeds

Member Since: 28 Dec 2009
Location: West Yorkshire
Posts: 8578

Thanks Dave - always the voice of reason

Barbara

26th Sep 2014 5:17pm

ZeDefender

Member Since: 15 Sep 2011
Location: Munich
Posts: 4731

2011 Defender 110 Puma 2.4 SW Baltic Blue

Okay - I'm vulnerable. Now what?
Doesn't seem to be much advice except "don't use credit cards etc." I don't have much option as I'm stuck in Germany

p.s. still using the app

Tell someone you love them today because life is short.
But shout it at them in German because life is also terrifying and confusing...

26th Sep 2014 7:07pm

scotty38

Member Since: 21 May 2011
Location: Lincolnshire
Posts: 571

2012 Defender 110 Puma 2.2 USW Aintree Green

Let's not forget that Linux machines are ridiculously less vulnerable than Windows machines anyway. I know which OS I prefer to run and do any sort of banking transactions on and that hasn't changed in the last few days or so.....

26th Sep 2014 8:09pm

AndyS

Member Since: 18 Aug 2012
Location: London
Posts: 595

2011 Defender 110 Puma 2.4 XS CSW Sumatra Black

It's not that hard to avoid these attacks, they require you to either click on a link to download the virus or open a file sent to you in an email. So don't visit dodgy websites, click on links emailed to you by unknown people or open files sent to you (they usually appear as a zip file in an email saying 'your invoice is attached').

26th Sep 2014 9:53pm

Page 1 of 1

All times are GMT + 1 Hour

Jump to

< Previous Topic | Next Topic >

Posting Rules

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum