WARNING for MAC OSX & LINUX

Darth Beaver
Joined: 20 Aug 99
Posts: 6728
Credit: 21,443,075
RAC: 3
Australia
Message 1578104 - Posted: 26 Sep 2014, 11:56:40 UTC

Reports on the news about a virus called SHELLSHOCK has been found affecting MAC OSX and LINUX; it is recommended that people with these systems upgrade now. Also websites that use SSL. "All Bash users should upgrade immediately, and audit the list of remote network services running on their systems."

Shellshock is essentially a mistake that has been found in a piece of Linux software called Bash that has been widely used for about 25 years.


'This is about as bad as it gets'


Click the link to find out more; up to 500 million computers may be at risk.

http://www.abc.net.au/news/2014-09-26/shellshock-bug-leaves-up-to-500-million-computers-at-risk/5770952
ID: 1578104
arkayn
Volunteer tester
Joined: 14 May 99
Posts: 4438
Credit: 55,006,323
RAC: 0
United States
Message 1578236 - Posted: 26 Sep 2014, 16:21:04 UTC - in response to Message 1578104.  

Reports on the news about a virus called SHELLSHOCK has been found affecting MAC OSX and LINUX; it is recommended that people with these systems upgrade now. Also websites that use SSL. "All Bash users should upgrade immediately, and audit the list of remote network services running on their systems."

Shellshock is essentially a mistake that has been found in a piece of Linux software called Bash that has been widely used for about 25 years.


'This is about as bad as it gets'


Click the link to find out more; up to 500 million computers may be at risk.

http://www.abc.net.au/news/2014-09-26/shellshock-bug-leaves-up-to-500-million-computers-at-risk/5770952


Macs are only at risk if they are being used as a server.

ID: 1578236
tullio
Volunteer tester
Joined: 9 Apr 04
Posts: 8797
Credit: 2,930,782
RAC: 1
Italy
Message 1578260 - Posted: 26 Sep 2014, 17:09:28 UTC

I used C shell and Korn shell on my UNIX systems but Linux uses Bash.
Tullio
ID: 1578260
QSilver
Joined: 26 May 99
Posts: 232
Credit: 6,452,764
RAC: 0
United States
Message 1578321 - Posted: 26 Sep 2014, 18:35:29 UTC

From an Apple statement to iMore.com:

"The vast majority of OS X users are not at risk to recently reported bash vulnerabilities," an Apple spokesperson told iMore. "Bash, a UNIX command shell and language included in OS X, has a weakness that could allow unauthorized users to remotely gain control of vulnerable systems. With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services. We are working to quickly provide a software update for our advanced UNIX users."


http://www.imore.com/apple-working-quickly-protect-os-x-against-shellshock-exploit
ID: 1578321
Jord
Volunteer tester
Joined: 9 Jun 99
Posts: 15184
Credit: 4,362,181
RAC: 3
Netherlands
Message 1578489 - Posted: 26 Sep 2014, 21:22:05 UTC - in response to Message 1578104.  

Reports on the news about a virus called SHELLSHOCK

It isn't a virus, it's an exploit. In other words, it's not something that people have to download/install on their system, it's code in a program that comes standard with most Linux and OSX, that can be exploited.
ID: 1578489
TBar
Volunteer tester
Joined: 22 May 99
Posts: 5204
Credit: 840,779,836
RAC: 2,768
United States
Message 1578503 - Posted: 26 Sep 2014, 21:35:34 UTC - in response to Message 1578489.  

My Ubuntu 12.04 machine has 32 updates pending since a couple days ago. I try to stay away from those 'Advanced UNIX things' on my Macs. So, I suppose once I run those 32 updates all will be right in the world again?

:-)
ID: 1578503
ML1
Volunteer moderator
Volunteer tester
Joined: 25 Nov 01
Posts: 20140
Credit: 7,508,002
RAC: 20
United Kingdom
Message 1578576 - Posted: 27 Sep 2014, 1:02:28 UTC - in response to Message 1578104.  
Last modified: 27 Sep 2014, 1:07:42 UTC

Reports on the news about a virus called SHELLSHOCK has been found affecting MAC OSX and LINUX it is recommended that people with these systems upgrade now...

As already mentioned:

That's no virus. It's an exploit (and rather an old previously unnoticed exploit at that).


There should be little concern if you are using recent good server software, or if you're not running anything as a server in any case.

However... Bash has been in such widespread use for so very many years that updating in any case is a very good idea!

I would expect all the current distros to have the updates ready by now. (There are too many eyes watching them not to! ;-) )

The Linux distros I'm using were all updated with fixes on the day. There was also a second update that quickly followed for a full fix.


There's a long statement from the FSF for GNU bash:
Free Software Foundation statement on the GNU Bash "shellshock" vulnerability

Note the comment:

... Free software cannot guarantee your security, and in certain situations may appear less secure on specific vectors than some proprietary programs. As was widely agreed in the aftermath of the OpenSSL "Heartbleed" bug, the solution is not to trade one security bug for the very deep insecurity inherently created by proprietary software -- the solution is to put energy and resources into auditing and improving free programs...

Indeed that freedom has allowed a pair of fixes to be released within hours of disclosure of the problem. All in stark contrast to the much longer scenarios more usually seen for proprietary obfuscation...


This one is going to be interesting to watch for all the systems that use the GNU bash. As widely found on various other systems in addition to Linux. How long for those others to be updated?

Also interesting will be how the news develops. And amazing it hit headline news so quickly!


IT is what we make it,
Martin
See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)
ID: 1578576
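
For anyone wondering, as asked above, whether the pending updates actually fixed Bash, here is a local self-check added as an example (it is not from any poster in this thread). It starts each installed `bash`/`sh` with an environment variable shaped like a function definition followed by an extra command and reports whether that extra command ran; it covers only the originally reported flaw, not the issue the second update fixed. The marker string and the function names are constructed for this example.

```shell
#!/bin/sh
# Added example: local check for the Bash environment-variable flaw.
# It only starts shells that are already installed on this host.

MARKER="CHECK_MARKER_7f3a"   # constructed string; printed only if injected code ran

# classify STDOUT -> "vulnerable" if the marker was echoed, else "not-affected"
classify() {
    case "$1" in
        *"$MARKER"*) echo "vulnerable" ;;
        *)           echo "not-affected" ;;
    esac
}

# probe SHELL_PATH -> run the shell with a crafted variable in its environment.
# A fixed bash (or a non-bash sh) treats the trailing command as inert data.
probe() {
    [ -x "$1" ] || { echo "missing"; return 0; }
    out=$(env x="() { :;}; echo $MARKER" "$1" -c 'echo done' 2>/dev/null)
    classify "$out"
}

# audit -> probe every bash/sh listed in /etc/shells plus the bash on PATH
# (sh is included because on some systems /bin/sh is bash under another name)
audit() {
    {
        [ -r /etc/shells ] && grep -E '^/.*/(ba)?sh$' /etc/shells
        command -v bash
    } 2>/dev/null | sort -u | while read -r shell_path; do
        printf '%-24s %s\n' "$shell_path" "$(probe "$shell_path")"
    done
}

audit
```

Any line reporting `vulnerable` means that binary still needs the update, even if another copy of bash on the same machine is already fixed.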
janneseti
Joined: 14 Oct 09
Posts: 14106
Credit: 655,366
RAC: 0
Sweden
Message 1578595 - Posted: 27 Sep 2014, 2:43:19 UTC - in response to Message 1578260.  

I used C shell and Korn shell on my UNIX systems but Linux uses Bash.
Tullio

Ciao Tullio :)
but Linux uses Bash?
You can choose whatever shell you want as long as it is POSIX.
Such as sh, tsh, ash, bash, ksh, csh, zsh and many more.

If I remember right just type csh at the prompter and you will have a C Shell.

Arrivederci.
ID: 1578595
tullio
Volunteer tester
Joined: 9 Apr 04
Posts: 8797
Credit: 2,930,782
RAC: 1
Italy
Message 1578801 - Posted: 27 Sep 2014, 15:57:33 UTC - in response to Message 1578595.  

My SUSE has sent me a patch for Bash and I am trusting them. They regularly send me updates on my 13.1 version on 2 Linux boxes. I am using a 64-bit Windows 8.1 on a third PC to run ATLAS@home which needs a 64-bit Virtual Box and also vLHC@home, so CERN is happy. I am also running LHC@home on this host.
Tullio
ID: 1578801
janneseti
Joined: 14 Oct 09
Posts: 14106
Credit: 655,366
RAC: 0
Sweden
Message 1578848 - Posted: 27 Sep 2014, 19:15:39 UTC - in response to Message 1578801.  
Last modified: 27 Sep 2014, 19:18:46 UTC

My SUSE has sent me a patch for Bash and I am trusting them. They regularly send me updates on my 13.1 version on 2 Linux boxes. I am using a 64-bit Windows 8.1 on a third PC to run ATLAS@home which needs a 64-bit Virtual Box and also vLHC@home, so CERN is happy. I am also running LHC@home on this host.
Tullio

I really like Virtual Machines. So easy to handle.
You can use Windows, Solaris and Linux Machines. (Not Mac OSX)
Partitioning of hard drives is not needed.
Total backups of a WHOLE machine take 10% of normal times.
Snapshots so you can roll back to a state where you know the system is stable.
You don't even need antivirus programs slowing down the system. Now if you suspect your virtual machine is infected, just roll back. It takes some (sometimes several) minutes and you're back in business.

Testing applications in different environments is a breeze.
When done, delete the Virtual Machines.
ID: 1578848
tullio
Volunteer tester
Joined: 9 Apr 04
Posts: 8797
Credit: 2,930,782
RAC: 1
Italy
Message 1578958 - Posted: 28 Sep 2014, 6:34:58 UTC

There is a BOINC meeting tomorrow in Budapest where Rom Walton will speak about Virtual Machines in BOINC. He is a developer of the CERN projects but appears to be from UC Berkeley.
Tullio
ID: 1578958

©2024 University of California
 
SETI@home and Astropulse are funded by grants from the National Science Foundation, NASA, and donations from SETI@home volunteers. AstroPulse is funded in part by the NSF through grant AST-0307956.