For those of you still a little fuzzy on just exactly what the Shellshock Bug actually is, there is a nice little 4 minute video over at YouTube that explains it all very simply - youtube/watch?v=aKShnpOXqn0 . Some GOOD news… If you (or your business) runs on Amazon Web Services, rest easy. Amazon issued a patch for its AWS servers Wednesday. More GOOD news… Most home routers should not be affected by Shellshock, however, the only way to know if yours is affected is to contact the manufacturer via their website and look for a firmware update for your device. It may come out quickly – or not at all, if it is an older device. This type of tedious, watchdog stuff should really be left to your I.T. professional. But…if you are a real DIY kind of person, here’s what you need to know… Want to know how to test your Mac for the Shellshock vulnerability? This (from lifehacker/how-to-check-if-your-mac-or-linux-machine-is-vulnerable-1639211806) is how… Shellshock uses a bash script to access your computer. From there, they can launch programs, enable features, and access files. The script only affects UNIX-based systems, so Linux and Mac are the only ones vulnerable. You can test your system by running this test command from Terminal: env x=() { :;}; echo vulnerable bash -c echo hello If youre not vulnerable, youll get this result: bash: warning: x: ignoring function definition attempt bash: error importing function definition for `x hello If you are vulnerable, youll get: vulnerable hello You can also check the version of bash youre running by entering: bash --version If you get version 3.2.51(1)-release as a result, youll need to update. Many Linux distributions already have patches available, so LINUX USERS can follow these instructions (linuxnews.pro/patch-bash-shell-shock-centos-ubuntu/) to update your system. Mac users are still waiting for a patch, but you can update bash manually using this guide - mac-how-to.wonderhowto/how-to/every-mac-is-vulnerable-shellshock-bash-exploit-heres-patch-os-x-0157606/. Patches have been issued by many of the major Linux distribution vendors for affected versions, including: • Red Hat Enterprise Linux (versions 4 through 7) and the Fedora distribution • CentOS (versions 5 through 7) -lists.centos.org/pipermail/centos/2014-September/146099.html • Ubuntu 10.04 LTS, 12.04 LTS, and 14.04 LTS - ubuntu/usn/usn-2362-1/ • Debian - https://lists.debian.org/debian-security-announce/2014/msg00220.html There is still no patch from Apple at this time. But, if you don’t mind messing around with your Mac a little (you DO have backups, right?), you can go ahead and try and fix the Shellshock vulnerability yourself. Find out how YOU can patch OS X (besides just waiting for Apple to put out a patch) at WonderHowTo - mac-how-to.wonderhowto/how-to/every-mac-is-vulnerable-shellshock-bash-exploit-heres-patch-os-x-0157606/ . And, finally, here is the Apple security update page - support.apple/kb/HT1222. You can check here for the latest Apple patches anytime. The current patch (released September 17, 2014) does NOT patch the BASH shell or the Shellshock vulnerability for Macs. We’ll let you know when Apple releases a patch that does. We’ll continue to update you as we get more info.
Posted on: Fri, 26 Sep 2014 15:52:42 +0000
Trending Topics
© 2015