Message boards :
Number crunching :
WARNING for MAC OSX & LINUX
Message board moderation
Author | Message |
---|---|
Darth Beaver Send message Joined: 20 Aug 99 Posts: 6728 Credit: 21,443,075 RAC: 3 |
Reports on the news about a virus called SHELLSHOCK has been found affecting MAC OSX and LINUX it is recommended that people with these systems upgrade now . Also websites that use SSL."All Bash users should upgrade immediately, and audit the list of remote network services running on their systems." Shellshock is essentially a mistake that has been found in a piece of Linux software called Bash that has been widely used for about 25 years. 'This is about as bad as it gets' click the link to find out more , up to 500 million computers may be at risk http://www.abc.net.au/news/2014-09-26/shellshock-bug-leaves-up-to-500-million-computers-at-risk/5770952 |
arkayn Send message Joined: 14 May 99 Posts: 4438 Credit: 55,006,323 RAC: 0 |
Reports on the news about a virus called SHELLSHOCK has been found affecting MAC OSX and LINUX it is recommended that people with these systems upgrade now . Also websites that use SSL."All Bash users should upgrade immediately, and audit the list of remote network services running on their systems." Macs are only at risk if they are being used as a server. |
tullio Send message Joined: 9 Apr 04 Posts: 8797 Credit: 2,930,782 RAC: 1 |
I used C shell and Korn shell on my UNIX systems but Linux uses Bash. Tullio |
QSilver Send message Joined: 26 May 99 Posts: 232 Credit: 6,452,764 RAC: 0 |
From an Apple statement to iMore.com: The vast majority of OS X users are not at risk to recently reported bash vulnerabilities," an Apple spokesperson told iMore. "Bash, a UNIX command shell and language included in OS X, has a weakness that could allow unauthorized users to remotely gain control of vulnerable systems. With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services. We are working to quickly provide a software update for our advanced UNIX users. http://www.imore.com/apple-working-quickly-protect-os-x-against-shellshock-exploit |
Jord Send message Joined: 9 Jun 99 Posts: 15184 Credit: 4,362,181 RAC: 3 |
Reports on the news about a virus called SHELLSHOCK It isn't a virus, it's an exploit. In other words, it's not something that people have to download/install on their system, it's code in a program that comes standard with most Linux and OSX, that can be exploited. |
TBar Send message Joined: 22 May 99 Posts: 5204 Credit: 840,779,836 RAC: 2,768 |
My Ubuntu 12.04 machine has 32 updates pending since a couple days ago. I try to stay away from those 'Advanced UNIX things' on my Macs. So, I suppose once I run those 32 updates all will be right in the world again? :-) |
ML1 Send message Joined: 25 Nov 01 Posts: 20291 Credit: 7,508,002 RAC: 20 |
Reports on the news about a virus called SHELLSHOCK has been found affecting MAC OSX and LINUX it is recommended that people with these systems upgrade now... As already mentioned: That's no virus. It's an exploit (and rather an old previously unnoticed exploit at that). There should be little concern if you are using recent good server software, or if you're not running anything as a server in any case. However... Bash is in such widespread use for so very many years that updating in any case is a very good idea! I would expect all the current distros to have the updates ready by now. (There are too many eyes watching them not to! ;-) ) The Linux distros I'm using were all updated with fixes on the day. There was also a second update that quickly followed for a full fix. There's a long statement from the FSF for GNU bash: Free Software Foundation statement on the GNU Bash "shellshock" vulnerability Note the comment: ... Free software cannot guarantee your security, and in certain situations may appear less secure on specific vectors than some proprietary programs. As was widely agreed in the aftermath of the OpenSSL "Heartbleed" bug, the solution is not to trade one security bug for the very deep insecurity inherently created by proprietary software -- the solution is to put energy and resources into auditing and improving free programs... Indeed that freedom has allowed a pair of fixes to be released within hours of disclosure of the problem. All in stark contrast to the much longer scenarios more usually seen for proprietary obfuscation... This one is going to be interesting to watch for all the systems that use the GNU bash. As widely found on various other systems in addition to Linux. How long for those others to be updated? Also interesting will be how the news develops. And amazing it hit headline news so quickly! IT is what we make it, Martin See new freedom: Mageia Linux Take a look for yourself: Linux Format The Future is what We all make IT (GPLv3) |
janneseti Send message Joined: 14 Oct 09 Posts: 14106 Credit: 655,366 RAC: 0 |
I used C shell and Korn shell on my UNIX systems but Linux uses Bash. Ciao Tullio:) but Linux uses Bash? You can choose whatever shell you want as long it is POSIX. Such as sh tsh ash bash ksh chs zsh and many more. If I remember right just type csh at the prompter and you will have a C Shell. Arrividerci. |
tullio Send message Joined: 9 Apr 04 Posts: 8797 Credit: 2,930,782 RAC: 1 |
My SUSE has sent me a patch for Bash and I am trusting them. They send me regularly updates on my 13.1 version on 2 Linux boxes. I am using a 64-bit Windows 8.1 on a third PC to run ATLAS@home which needs a 64-bit Virtual Box and also vLHC@home, so CERN is happy. I am running also LHC@home on this host. Tullio |
janneseti Send message Joined: 14 Oct 09 Posts: 14106 Credit: 655,366 RAC: 0 |
My SUSE has sent me a patch for Bash and I am trusting them. They send me regularly updates on my 13.1 version on 2 Linux boxes. I am using a 64-bit Windows 8.1 on a third PC to run ATLAS@home which needs a 64-bit Virtual Box and also vLHC@home, so CERN is happy. I am running also LHC@home on this host. I really like Virtual Machines. So easy to handle. You can use Windows, Solaris and Linux Machines. (Not Mac OSX) Partitation of harddrives is not needed. Total backups of a WHOLE machine takes 10% of normal times. Snapshots so you can roll back to a state where you know the system is stable. You dont even need antivirus programs slowing down the system. Now if you suspect your virtual machine are infected. Just rollback. takes some (sometimes several) minutes and you're back in business. Testing applications in different environment is a breeze. When done. Delete the Virtual Machines. |
tullio Send message Joined: 9 Apr 04 Posts: 8797 Credit: 2,930,782 RAC: 1 |
There is tomorrow a BOINC meeting in Budapest where Rom Walton will speak about Virtual Machines in BOINC. He is a developer of the CERN projects but appears to be from UC Berkeley. Tullio |
©2024 University of California
SETI@home and Astropulse are funded by grants from the National Science Foundation, NASA, and donations from SETI@home volunteers. AstroPulse is funded in part by the NSF through grant AST-0307956.