More issues with shellshock :(
http://mashable.com/2014/09/29/shellshock-additional-vulnerabilities/
On Sun, Sep 28, 2014 at 8:08 PM, J. Landman Gay jac...@hyperactivesw.com
wrote:
My client will be happy about that.
On September 28, 2014 12:07:07 PM CDT, Mark Wieder mwie...@ahsoftware.net
Okay so if you turn off SSH in the Sharing panel, no one is getting at your Mac
anyway. Just turn it off. Routers and Cameras on the other hand you may not be
able to turn it off, those are the devices you *really* need to be concerned
about.
Bob S
On Sep 25, 2014, at 13:12 , Mark
If you have enabled SSH in the sharing panel of preferences.
Bob S
On Sep 26, 2014, at 14:33 , Bruce Pokras bruc...@comcast.net wrote:
Can anyone explain exactly what this means? What are those special, advanced
Unix services?
But Apple said in an emailed statement that most of its users
A jailbroken iPhone has shell capability.
Bob S
On Sep 27, 2014, at 20:04 , J. Landman Gay
jac...@hyperactivesw.commailto:jac...@hyperactivesw.com wrote:
Yeah. I think a lot of servers will be in trouble, but fewer consumers than the
media makes it out to be. I have discovered:
Android
Jacque-
Saturday, September 27, 2014, 8:04:13 PM, you wrote:
So it seems to me that Apache servers and 'nix users need updating but
other consumers are for the most part okay, including mobile users.
Amazon updated and rebooted *all* their AWS servers the other day, one
by one. I'm thankful
My client will be happy about that.
On September 28, 2014 12:07:07 PM CDT, Mark Wieder mwie...@ahsoftware.net
wrote:
Jacque-
Saturday, September 27, 2014, 8:04:13 PM, you wrote:
So it seems to me that Apache servers and 'nix users need updating
but
other consumers are for the most part
Thanks Rick! I guess between Mark's link to localhost which simply gave me a
cannot connect error in Safari, and your explanation, this is really a
non-issue for the vast majority of OS X users.
Regards,
Bruce
On Sep 27, 2014, at 12:34 AM, Rick Harrison harri...@all-auctions.com wrote:
Hi
Bruce Pokras wrote:
this is really a non-issue for the vast majority of OS X users.
Most home CLIENT COMPUTERS are probably safe, but many other systems
remain vulnerable, and with things like routers those can compromise
internally-connected clients.
Steven J. Vaughan-Nichols at ZDNet has
I just upgraded my machine with Ubuntu Studio from 14.04 to 14.10
and see that the BASH is 4.3-9, so, fingers crossed.
Richmond.
___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage
For Bruce, unless you have your Mac set up as a server, bash should not be
available remotely.
For Richmond, RedHat just posted their supposedly full batch patch this AM,
although the white hats have run into another issue with the parser, today
that causes a heap overflow. I'm waiting for them
Some of the articles about the vulnerability make it sound like every Mac on
the planet could be taken over by bad guys. Talk about spreading FUD!
On Sep 27, 2014, at 3:04 PM, Mike Kerner mikeker...@roadrunner.com wrote:
For Bruce, unless you have your Mac set up as a server, bash should not
On 9/27/2014, 4:58 PM, Bruce Pokras wrote:
Some of the articles about the vulnerability make it sound like every
Mac on the planet could be taken over by bad guys. Talk about
spreading FUD!
Yeah. I think a lot of servers will be in trouble, but fewer consumers
than the media makes it out to
Now we're working on round 3, by the way. There are some more things that
are coming out from fuzzing the parser. We'll see what the short and
medium-term plans are, but if I read it right, there are probably 3-5 more
patches, minimum, coming.
On Sat, Sep 27, 2014 at 11:04 PM, J. Landman Gay
On Sep 25, 2014, at 6:24 PM, Rick Harrison wrote:
I also went to the real website for Homeland Security:
http://www.dhs.gov/news
There is absolutely nothing about any vulnerability in bash in the news there!
Yes there is. Do a search on their site for shellshock.
Or is there a joke here
Peter-
Friday, September 26, 2014, 8:41:35 AM, you wrote:
Or is there a joke here I'm not getting?
Yeah, Rick was just trolling. Move along, nothing to see here.
Shellshock is a level 10 alert, and there is no 11.
--
-Mark Wieder
ahsoftw...@gmail.com
This communication may be unlawfully
Can anyone explain exactly what this means? What are those special, advanced
Unix services?
But Apple said in an emailed statement that most of its users aren't affected,
as OS X's systems are safe by default and not exposed to remote exploits of
Bash -- unless users have actively turned on
Bruce-
Friday, September 26, 2014, 2:33:12 PM, you wrote:
Can anyone explain exactly what this means? What are those
special, advanced Unix services?
But Apple said in an emailed statement that most of its users
aren't affected, as OS X's systems are safe by default and not
exposed to
Hi Bruce,
I believe those special advanced Unix services Apple is referring to
involves people who have set up their machines to use Unix SSH
to remotely control their machines. This is not set up by default by Apple.
You have to know something about using the Terminal and Unix commands
to set
I've been spending the morning reading up on the recently-discovered
Shell Shock vulnerability.
Most of my Ubuntu machines were already patched, but it seems Apple
hasn't issued a patch as of this writing.
Anyone here heard any definitive word on when Apple will provide a
patch, or when the
Watch the patches. The white hats are discovering that many of them are
incomplete. I've seen at least two follow-up scripts that try to exploit
the patches.
You can always dump bash for another shell, and avoid the issue until it's
fixed for realzies.
On Thu, Sep 25, 2014 at 2:21 PM, Richard
On Sep 25, 2014, at 11:21 AM, Richard Gaskin ambassa...@fourthworld.com
wrote:
Anyone here heard any definitive word on when Apple will provide a patch, or
when the second round of patches for other systems will become available?
Apple just pushed a security update. Installing now.
Mark
You can find a tester for it at
https://shellshocker.net/
Dirk Cleenwerck
On Thu, Sep 25, 2014 at 8:30 PM, Mike Kerner mikeker...@roadrunner.com
wrote:
Watch the patches. The white hats are discovering that many of them are
incomplete. I've seen at least two follow-up scripts that try to
On 25/09/14 21:36, Dirk prive wrote:
You can find a tester for it at
https://shellshocker.net/
Having updated my Linux machines, and then running:
env x='() { :;}; echo vulnerable' bash -c echo this is a test
I get vulnerable
currently filling my knickers.
Richmond.
Dirk Cleenwerck
On
On Sep 25, 2014, at 11:36 AM, Mark Talluto use...@canelasoftware.com wrote:
On Sep 25, 2014, at 11:21 AM, Richard Gaskin ambassa...@fourthworld.com
wrote:
Anyone here heard any definitive word on when Apple will provide a patch, or
when the second round of patches for other systems will
Yes, Richmond, that's today's version. Yesterday's version is supposed to
be patched.
On Thu, Sep 25, 2014 at 2:45 PM, Mark Talluto use...@canelasoftware.com
wrote:
On Sep 25, 2014, at 11:36 AM, Mark Talluto use...@canelasoftware.com
wrote:
On Sep 25, 2014, at 11:21 AM, Richard Gaskin
Here's the email I just got from CERT:
[image: NCCIC / US-CERT]
National Cyber Awareness System:
TA14-268A: GNU Bourne Again Shell (Bash) ‘Shellshock’ Vulnerability
(CVE-2014-6271,CVE-2014-7169)
https://www.us-cert.gov/ncas/alerts/TA14-268A
09/25/2014 12:56 PM EDT
Original release date:
Hi everyone,
I did a few tests on devices that I have available.
Mac OS X 10.4.11 is vulnerable.
Mac OS X 10.6.8 is not vulnerable.
Mac OS X 10.7.11 is vulerable.
After installing the latest security update, 10.7.11 is still vulnerable.
As you know, Ubuntu, most other Linux flavours, and
Pulling the computer from the internet until I hear Apple has fixed it!
I don’t have time to mess with different shells hoping they work.
I’ll check back in a day or so, and do something analog until then.
Thanks for the head’s up!
Rick
___
use-livecode
Well, RedHat was patched early this morning, and appears to be ok.
On Thu, Sep 25, 2014 at 4:33 PM, Rick Harrison harri...@all-auctions.com
wrote:
Pulling the computer from the internet until I hear Apple has fixed it!
I don’t have time to mess with different shells hoping they work.
I’ll
Hmm. RedHat says their patch is incomplete. I wonder what script that I
haven't seen, yet, works.
On Thu, Sep 25, 2014 at 5:01 PM, Mike Kerner mikeker...@roadrunner.com
wrote:
Well, RedHat was patched early this morning, and appears to be ok.
On Thu, Sep 25, 2014 at 4:33 PM, Rick Harrison
Here's the full explanation from RedHat,
https://access.redhat.com/articles/1200223
which is pretty extensive, including a section on mitigation steps
On Thu, Sep 25, 2014 at 5:16 PM, Mike Kerner mikeker...@roadrunner.com
wrote:
Hmm. RedHat says their patch is incomplete. I wonder what
Hey there,
How come if I run:
env x='() { :;}; echo Not vulnerable' bash -c echo this is a test”
I get:
Not vulnerable
Is this a c/bash joke or what?
I also went to the real website for Homeland Security: http://www.dhs.gov/news
There is absolutely nothing about any vulnerability in bash
lmao
Nice.
On Thu, Sep 25, 2014 at 6:24 PM, Rick Harrison harri...@all-auctions.com
wrote:
Hey there,
How come if I run:
env x='() { :;}; echo Not vulnerable' bash -c echo this is a test”
I get:
Not vulnerable
Is this a c/bash joke or what?
I also went to the real website for
33 matches
Mail list logo