MobileRead Forums > E-Book General > News
Old 09-25-2014, 10:03 PM   #1
Lynx-lynx
Shellshock: Bash software bug leaves up to 500 million computers at risk of hacking

Mmmm .... I don't know about anyone else but I don't think there'll ever be a 'safe' website.

Quote:
As many as 500 million computers may be at risk from a new software bug dubbed Shellshock that could give hackers a doorway to your desktop.

It is not yet clear exactly how many systems and what type of computers are vulnerable to Shellshock, but researchers say the vulnerability could be worse than the Heartbleed bug that recently put the data of millions of people at risk.
Excerpt of article:

Spoiler:
Professor Alan Woodward, a security researcher with the Department of Computing at the University of Surrey in England, said the bug was "potentially huge".

"If you just take the number of websites there are, last week we passed the billion mark, there are now over a billion active websites on the internet and over 50 per cent of those, so 500 million are running this software," he told the ABC's AM program.

"Even if only a tiny fraction of those, we could be talking tens of millions of computers that are vulnerable."

He said it could allow hackers to take control of devices.


ABC link: http://www.abc.net.au/news/2014-09-2...t-risk/5770952

Free software foundation website: http://www.fsf.org/news/free-softwar...-vulnerability

Last edited by pdurrant; 09-26-2014 at 07:24 AM.
Old 09-25-2014, 11:11 PM   #2
QuantumIguana
Passwords ought to be abolished. People have so many passwords that they can't remember them all and they use the same ones over and over or they use very simple passwords, which makes it easy to guess. And thieves can steal credit card information. We have the technology to do away with such primitive things as passwords.
Old 09-25-2014, 11:54 PM   #3
darryl
The bug is in the bash shell which is used on most Linux systems and runs on most Unix type operating systems. While Linux is not even in the same ballpark as Windows so far as desktop use is concerned, it is used extensively on servers, including some banks, large companies, even, I seem to recall, at least one stock exchange. There is apparently a "proof of concept" floating around but so far I have seen no reports of any actual hacks.

Linux is my preferred operating system and I use it on my desktop and notebook, and I will continue to do so. Whilst Linux is a "safer" operating system than Windows it is neither completely safe nor immune. The lesson to be learnt here is that no operating system is completely safe from human ingenuity. We need to be realistic about the environment we are operating in and act accordingly.

If you have a Linux or Unix operating system you need to make sure that it is up to date and the version of bash on your system has been patched for this bug.
Old 09-26-2014, 12:16 AM   #4
gbm
Within the last hour before this post, I updated bash for the third time today.

bernie
Old 09-26-2014, 11:26 AM   #5
Jessica Lares
There are some third-party fixes for OS X floating around, Apple is working on their own though.

They have said that unless you're messing around with it yourself, there shouldn't be a problem to begin with. Basically, if you're not running code or a server, you shouldn't be worried.
Old 09-26-2014, 12:55 PM   #6
arjaybe
Quote:
As many as 500 million . . .
It is not yet clear . . .
could be worse than . . .
All guesswork and fear-mongering. My desktop received patches almost before I heard about it, and my hosting service has already advised me of their patches.

I've seen people saying that this is even less dangerous than Heartbleed. It's only getting the big blow-up because it's not Windows.
Old 09-26-2014, 01:00 PM   #7
HomeInMyShoes
It is more dangerous than Heartbleed because Heartbleed really only allowed looking, not actually controlling as this one does. From a privacy protection standpoint it is a similar risk, but there is more at risk than just passwords and credit card information.
Old 09-26-2014, 03:02 PM   #8
ShellShock
You are all at the mercy of my evil master plan, mwahahaha

Last edited by ShellShock; 09-26-2014 at 03:41 PM.
Old 09-26-2014, 03:53 PM   #9
taustin
Quote:
Originally Posted by arjaybe
All guesswork and fear-mongering.
I'll say. NPR did a piece on it yesterday, and the expert they were interviewing did not seem to be aware this does not affect Windows. The host, of course, was unaware of what an operating system is.
Old 09-26-2014, 06:14 PM   #10
Apache
Quote:
Originally Posted by taustin
I'll say. NPR did a piece on it yesterday, and the expert they were interviewing did not seem to be aware this does not affect Windows. The host, of course, was unaware of what an operating system is.

Apache
Old 09-26-2014, 06:48 PM   #11
jgaiser
It's important if you have an internet facing system. It is most definitely *not* 500 million computers. The majority of Linux systems are *not* internet servers and as such someone would have to get direct access to the machine and at that point it wouldn't matter. Update your systems. Quickly update your systems if they are serving up cgi or php. Take a deep breath. The world is not ending.
Old 09-26-2014, 11:54 PM   #12
Solicitous
Quote:
Originally Posted by arjaybe
All guesswork and fear-mongering.
Oh not really. I can confirm 2 out of those 500 million computers are at risk. I checked my laptop this morning and it came back as being vulnerable (and I can only assume given the age of my media centre that it is vulnerable too).
Old 09-27-2014, 01:02 AM   #13
arjaybe
Quote:
Originally Posted by Solicitous
Oh not really. I can confirm 2 out of those 500 million computers are at risk. I checked my laptop this morning and it came back as being vulnerable (and I can only assume given the age of my media centre that it is vulnerable too).
You're right. They did say "As many as 500 million . . ." so that would be anything from zero on up.-)
Old 09-27-2014, 05:46 AM   #14
Sregener
Quote:
Originally Posted by darryl
Whilst Linux is a "safer" operating system than Windows it is neither completely safe nor immune.
At a fundamental level, it is the philosophy behind the software that makes Linux safer. This is for a few reasons.

First, the code is not secret. That means that many security flaws are quickly discovered, because many eyes can see them. Compare this to Windows/OS X which believe obscurity equals protection; they are counting on the fact that because you can't see the code, it will be harder to find the flaws that are there. Especially with Windows, one can see how this "security through obscurity" plays out in the real world.

Second, the code is available for anyone to fix. So patches are created almost instantly and plug holes, often before the public is even aware they exist. Compare the response time of the Linux patch to a typical Windows response of "we'll have a patch ready in a week or two to fix this issue." So instead of hearing that our systems are going to be vulnerable for weeks or months, and being completely at the mercy of one company for that timing, many are discovering that not only is a patch already available for this flaw, they may have already installed it!

This doesn't mean I run Linux. I'm a Mac guy for the productivity tools and the ease-of-use experience I get there. But I firmly believe that Linux is one of the most secure systems for the two reasons listed above, and if I were to run a server as opposed to a workstation, I'd be all over Linux. Nothing short of heaven is perfect, but Linux's security through openness has been a winning formula for years and will continue to be so.
Old 09-27-2014, 10:40 AM   #15
ShellShock
Quote:
Originally Posted by Sregener
Compare this to Windows/OS X which believe obscurity equals protection; they are counting on the fact that because you can't see the code, it will be harder to find the flaws that are there.
Who do you mean by "they"? Microsoft and Apple? Where is your evidence for this statement? With Windows 7 I get regular security patches automatically downloaded. My experience is that Microsoft is extremely security aware, and do their utmost to quickly fix any security holes that are found. This is in their own commercial interest--they have to protect their reputation at all costs.

Quote:
Compare the response time of the Linux patch to a typical Windows response of "we'll have a patch ready in a week or two to fix this issue."
Again, do you have any evidence for this statement? Who are you quoting? My personal experience with Microsoft and Windows 7 is that I get a lot of security patches for things that I didn't even know were vulnerable, which seems to match what happens in the Linux world.

I don't see why you feel you have to bash Microsoft with a lot of unsubstantiated claims, in a thread about a Linux security flaw.


All times are GMT -4. The time now is 11:25 PM.

