1. Contracting
    1. General
      1. Brexit
    2. Business / Contracts
      1. Coronavirus Assistance
    3. Accounting / Legal
      1. Umbrella Companies
      2. HMRC Scheme Enquiries
      3. The Future of Contracting
      4. IR35 Reform
    4. Technical
    5. Welcome / FAQs
  2. Social
    1. Light Relief
    2. Social / Events
  • Visitors can check out the Forum FAQ by clicking this link. You have to register before you can post: click the REGISTER link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. View our Forum Privacy Policy.
  • Want to receive the latest contracting news and advice straight to your inbox? Sign up to the ContractorUK newsletter here. Every sign up will also be entered into a draw to WIN £100 Amazon vouchers!

Linux bash vulnerability

Collapse
X
91 to 100 of 143 Previous 1 7 8 9 10 11 12 13 15 template Next
Collapse
Reply to Thread
  •  
  • Filter
  • Time
  • Show
Clear All
new posts
91 to 100 of 143 Previous 1 7 8 9 10 11 12 13 15 template Next
    #91
    Originally posted by darmstadt View Post
    Nope, still a user's problem. You shouldn't allow any application to open a shell and execute commands/scripts/etc from non-trusted sources, but still, approximately 90% of the posts on here are a troll aren't they? I noticed that a second version of Shellshock has come out


    Every don't worry case I've read says as long as there is no sloppy configuration and companies haven't cut corners we should all be fine.

    Not that reassuring really.
    Knock first as I might be balancing my chakras.

    Comment

      #92
      Bash patching...
      Brexit is having a wee in the middle of the room at a house party because nobody is talking to you, and then complaining about the smell.

      Comment

        #93
        Originally posted by darmstadt View Post
        Bash patching...
        You don't know it's related.
        Knock first as I might be balancing my chakras.

        Comment

          #94
          Originally posted by suityou01 View Post
          You don't know it's related.
          YOU USE TOO LONG TIME, PLEASE TRY AGAIN

          Comment

            #95
            You can do the exploit using headers. Not a User Problem.

            Comment

              #96
              Originally posted by Stevie Wonder Boy View Post
              You can do the exploit using headers. Not a User Problem.
              Aye. I think Darmie was being deliberately obtuse.

              Next users crafting their own DHCP packets will be basic end user stuff

              I understand IRC can also be used.

              In other news, VOIP systems can also be exploited.

              The attack vectors are not yet completely understood, the patches released so far have been ineffective and by now the hacking community has spread it's mucky seeds into every deep corner of the internet.

              This is IT's 9/11.

              I hate being right
              Knock first as I might be balancing my chakras.

              Comment

                #97
                Originally posted by suityou01 View Post
                This is IT's 9/11.

                I hate being right
                Nah, we haven't had the conspiracy theories yet.
                Behold the warranty -- the bold print giveth and the fine print taketh away.

                Comment

                  #98
                  Originally posted by Sysman View Post
                  Nah, we haven't had the conspiracy theories yet.
                  I only deal in cold hard fact
                  Knock first as I might be balancing my chakras.

                  Comment

                    #99
                    Originally posted by suityou01 View Post
                    Aye. I think Darmie was being deliberately obtuse.

                    Next users crafting their own DHCP packets will be basic end user stuff

                    I understand IRC can also be used.

                    In other news, VOIP systems can also be exploited.

                    The attack vectors are not yet completely understood, the patches released so far have been ineffective and by now the hacking community has spread it's mucky seeds into every deep corner of the internet.

                    This is IT's 9/11.

                    I hate being right
                    Download a copy of fiddler2 - Not difficult.

                    Attack vector is any process that spawns a shell and sets environment variables using user input. So for SSH you could use a crafted username that would do the trick.
                    Last edited by Stevie Wonder Boy; 28 September 2014, 08:33.

                    Comment

                      #100
                      Originally posted by Sysman View Post
                      Nah, we haven't had the conspiracy theories yet.
                      No nor I. But I can see the potential for this to trigger a global financial meltdown 2.0.
                      Knock first as I might be balancing my chakras.

                      Comment

                      Reply to Thread
                      91 to 100 of 143 Previous 1 7 8 9 10 11 12 13 15 template Next

                      Advertisers

                      1. Contracting
                        1. General
                          1. Brexit
                        2. Business / Contracts
                          1. Coronavirus Assistance
                        3. Accounting / Legal
                          1. Umbrella Companies
                          2. HMRC Scheme Enquiries
                          3. The Future of Contracting
                          4. IR35 Reform
                        4. Technical
                        5. Welcome / FAQs
                      2. Social
                        1. Light Relief
                        2. Social / Events
                      Working...
                      X