Jesus, people are comparing Win7 security with Linux? Tell those guys not to worry, in case of doubt, hire a serious security consulting agency...
2014-10-08 16:57 GMT-03:00 Lars Noodén <[email protected]>: > > The Shellshock vulnerability. > > Desktops were largely unaffected. The machines that were vulnerable > were primarily servers that met three conditions: > > a. running publicly available scripts > > b. those scripts were shell scripts, which is in itself rare as perl, > python, php are common. > > c. those shell scripts were running bash instead of sh, ash or dash > (ubuntu's default for scripts), which is rare for even for public shell > scripts. > > However, given the large number of servers potentially affected, there > were some that turned out to be vulnerable. I'm not sure if the dhcp > client specific to (L)Ubuntu was potentially affected or not. But for > the most part, despite having bash, desktops are not vulnerable because > they are not set up to offer bash (or any other) scripts to outsiders. > > About the patching. Ubuntu patched quickly and a normal update fixes > the problem(s). > > http://www.ubuntu.com/usn/usn-2364-1/ > http://www.ubuntu.com/usn/usn-2363-2/ > http://www.ubuntu.com/usn/usn-2363-1/ > http://www.ubuntu.com/usn/usn-2362-1/ > > There's not a proper date-time stamp on Ubuntu's announcements above, > but the first one at least was right quick more or less concurrent with > the public announcement. Yes, CVE-2014-6271 and co were a big deal due > to a really unfortunate misfeature but part of the visibility is due to > media's enthusiasm for man-bites-dog stories combined with other > interested marketing the heck out of said bugs. > > Lastly, extreme bugs like this and the previous server bug have been > rare which is part of the reason antagonists go out and market the bugs > under a brand name. The other one even had a company go out and > register a web site and hire a web developer to prepare promotional > materials prior to announcing the bug. > > So given the visibility I understand the concern. > > Regards, > /Lars > > -- > Lubuntu-users mailing list > [email protected] > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/lubuntu-users >
-- Lubuntu-users mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/lubuntu-users
