Reply to: Linux bash vulnerability

Well you can proudly claim that. And well done you.

Sadly we live in a world where reality does not really matter. The financial markets and wave after wave of printed money are testimony to this. We should all realise currency is worthless yet we keep ploughing money into a broken system.

Not wanting to veer away from the point, this problem is very real and when the confidence is lost, a cold wind will blow for our industry.

It's just that the rest of you chose not to believe it and would rather burn me at the stake for being a heretic.

Such is the life of the truly enlightened.

Hardly IT's 9/11

There's a new variant out now, the SuityShock Bash vulnerability.

It's similar to the old one, except you need two years experience before you can exploit it.

The problem is still very much a big big problem.

Ghost in the (Bourne Again) Shell: Fallout of Shellshock far from over | Ars Technica

Let me check and get back to you.

Well Chicken Little, has the sky fallen yet?

Ouch

he keeps the internet in a box under his bed with his HP-UX box. Meanwhile 50% of all Unix/Linux are RHEL and use bash.

Nothing to flounder with that... btw I used to work for Sun.

Do you somethimes feel the world is passing you by?

Chill - there are fixes out there now. Just be careful in applying said fixes - don't let Apple sneakily upgrade you to xcode6

This is Suity holding The Internet Wot I Just Fixed...

Have you ever thought about after dinner speaking with such witty anecdotes?

I suppose that will have to wait a bit while you fix the internet. Got any idea how long it will take to fix?

No real need, it's not on proper Unix as used in the enterprise unless installed by inadequates, it's installed by default on numpty-unix-like systems tho, go figure. Makes me laugh to see Linuxites founder on AIX or HP-UX with no backspace or arrow keys and typing 'bash' in desperation only to get 'sh: bash: not found.'......

Keeping me well paid though, can't complain, kerr-ching....

Linux bash vulnerability

So simply remove bash from every machine, embedded system and device on or just behind the internet and we're all fixed. Simples cheers Stek.

On Linux maybe so. Linux isn't even Unix...

It might be a shock to you but not everything is Linux, and not every Unix has bash as default, or even on the system. You might need your arrow keys working but most of us don't. Don't be lazy and expose yourself to this sort of thing, bash is not needed, nor is it a prerequisite for anything.

Looking back all those years to SQL slammer again. The windows security patch was actually released 6 months before the attack was unleashed causing widespread damage and disruption to businesses. The problem is so many organisations are still tulip at rolling out patches it wouldn't surprise me if something like this could happen again.