|
![]() |
|
Thread Tools | Search this Thread |
![]() |
#1 | |
Treachery of images ...
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() Posts: 4,116
Karma: 92523791
Join Date: May 2012
Location: Australia
Device: Sony 650, Kobo Glo, H2O, Aura One, Forma, Libra 2, Libra Colour
|
Shellshock: Bash software bug leaves up to 500 million computers at risk of hacking
Mmmm .... I don't know about anyone else but I don't think there'll ever be a 'safe' website.
![]() Quote:
Spoiler:
ABC link: http://www.abc.net.au/news/2014-09-2...t-risk/5770952 Free software foundation website: http://www.fsf.org/news/free-softwar...-vulnerability Last edited by pdurrant; 09-26-2014 at 07:24 AM. |
|
![]() |
![]() |
![]() |
#2 |
Philosopher
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() Posts: 2,034
Karma: 18736532
Join Date: Jan 2012
Device: Kindle Paperwhite 2 gen, Kindle Fire 1st Gen, Kindle Touch
|
Passwords ought to be abolished. People have so many passwords that they can't remember them all and the use the same ones over and over or they use very simple passwords, which makes it easy to guess. And thieves can steal credit card information. We have the technology to do away with such primitive things as passwords.
|
![]() |
![]() |
Advert | |
|
![]() |
#3 |
Wizard
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() Posts: 3,108
Karma: 60231510
Join Date: Nov 2011
Location: Australia
Device: Kobo Aura H2O, Kindle Oasis, Huwei Ascend Mate 7
|
The bug is in the bash shell which is used on most Linux systems and runs on most Unix type operating systems. While Linux is not even in the same ballpark as Windows so far as desktop use is concerned, it is used extensively on servers, including some banks, large companies, even, I seem to recall, at least one stock exchange. There is apparently a "proof of concept" floating around but so far I have seen no reports of any actual hacks.
Linux is my preferred operating system and I use it on my desktop and notebook I will continue to do so. Whilst Linux is a "safer" operating system than Windows it is neither completely safe nor immune. The lesson to be learnt here is that no operating system is completely safe from human ingenuity. We need to be realistic about the environment we are operating in and act accordingly. If you have a Linux or Unix operating system you need to make sure that it is up to data and the version of bash on your system has been patched for this bug. |
![]() |
![]() |
![]() |
#4 |
Wizard
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() Posts: 2,181
Karma: 8888888
Join Date: Jun 2010
Device: Kobo Clara HD,Hisence Sero 7 Pro RIP, Nook STR, jetbook lite
|
Within the last hour before this post updated bash for the third time today.
bernie |
![]() |
![]() |
![]() |
#5 |
Wizard
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() Posts: 2,240
Karma: 5759170
Join Date: Jun 2011
Location: Near Dallas, Texas, USA
Device: iPad Mini, iPod Touch (5th gen)
|
There are some third-party fixes for OS X floating around, Apple is working on thei own though.
Thy have said that unless you're messing around with it yourself, there shouldn't be a problem to begin with. Basiclly, if you're not running code or a server, you shouldn't be worried. |
![]() |
![]() |
Advert | |
|
![]() |
#6 | |
Wizard
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() Posts: 1,066
Karma: 12500000
Join Date: Aug 2013
Location: Okanagan
Device: Sony PRS-650, Kobo Clara
|
Quote:
I've seen people saying that this is even less dangerous than Heartbleed. It's only getting the big blow-up because it's not Windows. |
|
![]() |
![]() |
![]() |
#7 |
Grand Sorcerer
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() Posts: 19,226
Karma: 67780237
Join Date: Jul 2011
Device: none
|
It is more dangerous than Heartbleed because Heartbleed really only allowed looking, not actually controlling as this one does. From a privacy protection standpoint it is a similar risk, but there is more at risk than just passwords and credit card information.
|
![]() |
![]() |
![]() |
#8 |
Wizard
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() Posts: 1,178
Karma: 2431850
Join Date: Sep 2008
Device: IPad Mini 2 Retina
|
You are all at the mercy of my evil master plan, mwahahaha
![]() Last edited by ShellShock; 09-26-2014 at 03:41 PM. |
![]() |
![]() |
![]() |
#9 |
Wizard
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() Posts: 1,358
Karma: 5766642
Join Date: Aug 2010
Device: Nook
|
|
![]() |
![]() |
![]() |
#10 |
Readaholic
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() Posts: 5,277
Karma: 90000484
Join Date: Sep 2011
Location: South Georgia
Device: Surface Pro 6 / Galaxy Tab A 8"
|
|
![]() |
![]() |
![]() |
#11 |
Omnivorous
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() Posts: 3,283
Karma: 27978909
Join Date: Feb 2008
Location: Rural NW Oregon
Device: Kindle Voyage, Kindle Fire HD, Kindle 3, KPW1
|
It's important if you have an internet facing system. It is most definitely *not* 500 million computers. The majority of Linux systems are *not* internet servers and as such someone would have to get direct access to the machine and at the point it wouldn't matter. Update you systems. Quickly update your systems if they are serving up cgi or php. Take a deep breath. The world is not ending.
|
![]() |
![]() |
![]() |
#12 |
Wizard
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() Posts: 1,434
Karma: 1525776
Join Date: Aug 2009
Location: TAS, Australia
Device: Astak Pocket Pro (Black), 2 x Kindle WiFi (Graphite), iPod Touch 4G
|
|
![]() |
![]() |
![]() |
#13 |
Wizard
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() Posts: 1,066
Karma: 12500000
Join Date: Aug 2013
Location: Okanagan
Device: Sony PRS-650, Kobo Clara
|
You're right. They did say "As many as 500 million . . ." so that would be anything from zero on up.-)
|
![]() |
![]() |
![]() |
#14 | |
Addict
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() Posts: 239
Karma: 1664052
Join Date: Mar 2011
Device: Kindle 4NT
|
Quote:
First, the code is not secret. That means that many security flaws are quickly discovered, because many eyes can see them. Compare this to Windows/OS X which believe obscurity equals protection; they are counting on the fact that because you can't see the code, it will be harder to find the flaws that are there. Especially with Windows, one can see how this "security through obscurity" plays out in the real world. Second, the code is available for anyone to fix. So patches are created almost instantly and plug holes, often before the public is even aware they exist. Compare the response time of the Linux patch to a typical Windows response of "we'll have a patch ready in a week or two to fix this issue." So instead of hearing that our systems are going to be vulnerable for weeks or months, and being completely at the mercy of one company for that timing, many are discovering that not only is a patch already available for this flaw, they may have already installed it! This doesn't mean I run Linux. I'm a Mac guy for the productivity tools and the ease-of-use experience I get there. But I firmly believe that Linux is one of the most secure systems for the two reasons listed above, and if I were to run a server as opposed to a workstation, I'd be all over Linux. Nothing short of heaven is perfect, but Linux's security through openness has been a winning formula for years and will continue to be so. |
|
![]() |
![]() |
![]() |
#15 | ||
Wizard
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() Posts: 1,178
Karma: 2431850
Join Date: Sep 2008
Device: IPad Mini 2 Retina
|
Quote:
Quote:
I don't see why you feel you have to bash Microsoft with a lot of unsubstantiated claims, in a thread about a Linux security flaw. |
||
![]() |
![]() |
![]() |
|
![]() |
||||
Thread | Thread Starter | Forum | Replies | Last Post |
Using Sony software (350) on two computers | Dixiemsala | Sony Reader | 5 | 01-26-2011 01:50 PM |
Can the sony reader software be installed on two computers? | DarkHaloPrincess | Sony Reader | 4 | 06-14-2010 05:31 PM |
Sony software bug?! | schreibsatcu | Sony Reader | 17 | 10-01-2009 08:42 AM |
Hacking like we had for the 500? | TadW | Sony Reader Dev Corner | 2 | 04-03-2008 05:46 AM |