Author Topic: Linux has a catastrophic flaw...  (Read 52972 times)
W8JX
« on: September 24, 2014, 05:16:18 PM »

It seems that Linux has a very deadly problem. It's called Bash Bug and it affects Linux and things based on it like Apple OS X. Basically it gets in through a networked device like a camera or even light bulb controlled from a network and once hacked it is a doorway into OS. No fix at present.

Those of you that thought Linux was safe are wrong. Bug is rated catastrophic.

--------------------------------------
Ham since 1969....  Old School 20wpm REAL Extra Class..

W4KYR
« Reply #1 on: September 24, 2014, 05:35:30 PM »

> It seems that Linux has a very deadly problem. It's called Bash Bug and it affects Linux and things based on it like Apple OS X. Basically it gets in through a networked device like a camera or even light bulb controlled from a network and once hacked it is a doorway into OS. No fix at present.
>
> Those of you that thought Linux was safe are wrong. Bug is rated catastrophic.

Um, lemme guess...we should kick all our computers out to the curb and buy some Windows 8 machines...right?

The internet and cellphone networks are great until they go down, what then? Find out here.
https://www.eham.net/ehamforum/smf/index.php/topic,111948.0.html

Using Windows 98 For Packet...

W8JX
« Reply #2 on: September 24, 2014, 06:04:02 PM »

>> It seems that Linux has a very deadly problem. It's called Bash Bug and it affects Linux and things based on it like Apple OS X. Basically it gets in through a networked device like a camera or even light bulb controlled from a network and once hacked it is a doorway into OS. No fix at present.
>>
>> Those of you that thought Linux was safe are wrong. Bug is rated catastrophic.
>
> Um, lemme guess...we should kick all our computers out to the curb and buy some Windows 8 machines...right?

No I am just reporting the news. Linux is not inherently safe. MS does not look so bad maybe.

W4KYR
« Reply #3 on: September 24, 2014, 06:20:20 PM »

Simple fix

http://arstechnica.com/security/2014/09/bug-in-bash-shell-creates-big-security-hole-on-anything-with-nix-in-it/


"The fix is an update to a patched version of the Bash shell. To be safe, administrators should do a blanket update of their versions of Bash in any case."


Nothing to see here.....

W8JX
« Reply #4 on: September 24, 2014, 07:11:28 PM »

> Simple fix
>
> http://arstechnica.com/security/2014/09/bug-in-bash-shell-creates-big-security-hole-on-anything-with-nix-in-it/
>
> "The fix is an update to a patched version of the Bash shell. To be safe, administrators should do a blanket update of their versions of Bash in any case."
>
> Nothing to see here.....

That remains to be seen...

W0BTU
« Reply #5 on: September 24, 2014, 08:07:29 PM »

Imagine a violent high-speed head-on collision between two cars. The one car is a 2009 Win7 PC, and the other car is a 2012 Smartphone. The collision is so violent that the two cars are hopelessly entangled and cannot be pulled apart. The tangled wreckage, too, has a name: Windows 8.x. Dr. Frankenstein would be proud.  Grin

W8JX
« Reply #6 on: September 24, 2014, 08:16:23 PM »

> Imagine a violent high-speed head-on collision between two cars. The one car is a 2009 Win7 PC, and the other car is a 2012 Smartphone. The collision is so violent that the two cars are hopelessly entangled and cannot be pulled apart. The tangled wreckage, too, has a name: Windows 8.x. Dr. Frankenstein would be proud.  Grin

You're wrong, they would call it an iPhone 6 which is still easy to bend and damage because of a bad marriage of parts.

KK4GGL
« Reply #7 on: September 24, 2014, 08:29:26 PM »

> It seems that Linux has a very deadly problem. It's called Bash Bug and it affects Linux and things based on it like Apple OS X. Basically it gets in through a networked device like a camera or even light bulb controlled from a network and once hacked it is a doorway into OS. No fix at present.
>
> Those of you that thought Linux was safe are wrong. Bug is rated catastrophic.

Patches issued:
    Red Hat Enterprise Linux (versions 4 through 7) and the Fedora distribution
    CentOS (versions 5 through 7)
    Ubuntu 10.04 LTS, 12.04 LTS, and 14.04 LTS
    Debian
    Opensuse 13.1

The patch for Opensuse 13.1 was applied before I knew about the bug. Too bad Microsoft doesn't work as fast.

73,
Rick KK4GGL

W0BTU
« Reply #8 on: September 24, 2014, 08:37:05 PM »

> Patches issued:
>     Red Hat Enterprise Linux (versions 4 through 7)

Well, not quite. See the discussion at the bottom of https://access.redhat.com/node/1200223

Anyway, thanks for bringing this to our attention, John. Seriously. I just manually patched one of my Linux boxes (using iptables) until the real fix becomes available.

My Xubuntu box patched this bug this morning, I believe.

KK4GGL
« Reply #9 on: September 24, 2014, 08:53:19 PM »

>> Patches issued:
>>     Red Hat Enterprise Linux (versions 4 through 7)
>
> Well, not quite. See the discussion at the bottom of https://access.redhat.com/node/1200223
>
> Anyway, thanks for bringing this to our attention, John. Seriously. I just manually patched one of my Linux boxes (using iptables) until the real fix becomes available.
>
> My Xubuntu box patched this bug this morning, I believe.

You do realize he wasn't doing this to be nice?

AG6WT
« Reply #10 on: September 25, 2014, 08:11:05 AM »

> It seems that Linux has a very deadly problem. It's called Bash Bug and it affects Linux and things based on it like Apple OS X. Basically it gets in through a networked device like a camera or even light bulb controlled from a network and once hacked it is a doorway into OS. No fix at present.
>
> Those of you that thought Linux was safe are wrong. Bug is rated catastrophic.

To be fair, this is not a "Linux" bug but rather a shell bug.  While bash is the default shell on most Linux distributions, users and admins are free to install any one of the other popular shells such as ksh, csh, tcsh, dash, etc.  Ubuntu uses dash and not bash for OS services so it may not have the same risks as other Linux distributions that use bash for everything.  And as you pointed out the bug is also found on OS X installations, which by the way, is not Linux but a Unix variant based upon the Mach kernel and BSD.  Furthermore, Windows servers using bash, like Git for Windows, might also be vulnerable.

I've been looking around on the security forums and the fix has come out rather quickly.  The worry isn't so much devices like webcams and routers.  Bash is rather heavy (everything and the kitchen sink kind of heavy) so embedded systems tend to use something smaller like Busybox.  The primary worry is that legacy systems, like old ftp and webservers that aren't actively managed*, won't be patched.

* This is one of the "problems" with Linux. Once you have it configured to provide a service, it can be up for years without any incidents and it is easy to forget to check in once in a while and see if it needs any preventative maintenance.
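
As an added example (not part of any post in this thread), a small inventory script for the point made above that exposure depends on where bash is actually the interpreter: it reports what a `sh` path resolves to, which accounts log in with bash, and which scripts under a directory name bash in their shebang line. The function names and the directory argument are illustrative assumptions.

```shell
#!/bin/sh
# Added example: find where bash is actually the interpreter on a host.
# Function names are illustrative; all paths are supplied by the caller.

# sh_target PATH: print the name of the binary PATH finally resolves to
# (for example "dash" or "bash" when PATH is /bin/sh).
sh_target() {
    target=$(readlink -f "$1" 2>/dev/null) || return 1
    basename "$target"
}

# bash_login_users PASSWD_FILE: print accounts whose login shell is bash.
bash_login_users() {
    awk -F: '$7 ~ /(^|\/)bash$/ { print $1 }' "$1"
}

# bash_scripts DIR: print files under DIR whose first line is a bash shebang,
# e.g. scripts a legacy web or ftp server may still be running.
bash_scripts() {
    find "$1" -type f 2>/dev/null | while IFS= read -r f; do
        first=''
        IFS= read -r first 2>/dev/null < "$f" || :
        case "$first" in
            '#!'*bash*) printf '%s\n' "$f" ;;
        esac
    done
}

# report DIR: summary for this host plus one script directory.
report() {
    printf '/bin/sh resolves to: %s\n' "$(sh_target /bin/sh || echo unknown)"
    printf 'installed bash: %s\n' "$(command -v bash || echo none)"
    printf 'accounts with bash as login shell:\n'
    bash_login_users /etc/passwd | sed 's/^/  /'
    printf 'bash scripts under %s:\n' "$1"
    bash_scripts "$1" | sed 's/^/  /'
}

# Run the report only when a directory is given: sh inventory.sh /path/to/scripts
if [ "$#" -ge 1 ]; then
    report "$1"
fi
```

Anything this lists is a place where the installed bash package version matters; hosts where `/bin/sh` resolves to dash can still have bash scripts and bash login accounts.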

W8JX
« Reply #11 on: September 25, 2014, 09:18:03 AM »

Bash is not natively supported in Windows and can be supported only through emulation so at present it is not a threat for security.

K0JEG
« Reply #12 on: September 25, 2014, 10:41:31 AM »

Hardly catastrophic. It might be an issue if you aren't properly firewalled or have a specific situation with Apache web server and CGI scripts, but if you're potentially affected, you're already likely patched.

And as for W8JX's eagerness to gloat, the point isn't to "call the kettle black" but to fix the problem and move on. Even for Windows boxes. The haters who constantly mock Windows for exploits found generally fail to notice the installed user base. If Linux/Unix was as big a target I'm sure there would be many more exploits found. That said, having millions of coders looking over the source certainly helps get these issues resolved quickly.

W8JX
« Reply #13 on: September 25, 2014, 10:55:13 AM »

> Hardly catastrophic. It might be an issue if you aren't properly firewalled or have a specific situation with Apache web server and CGI scripts, but if you're potentially affected, you're already likely patched.
>
> And as for W8JX's eagerness to gloat, the point isn't to "call the kettle black" but to fix the problem and move on. Even for Windows boxes. The haters who constantly mock Windows for exploits found generally fail to notice the installed user base. If Linux/Unix was as big a target I'm sure there would be many more exploits found. That said, having millions of coders looking over the source certainly helps get these issues resolved quickly.

I think you miss the point here. It is not about firewalls, it's about internet accessible devices like cameras and home security and lighting and such that provide a doorway past the firewall in Linux.

NN4RH
« Reply #14 on: September 25, 2014, 02:30:40 PM »

Wow. Linux has one flaw! (Already fixed by the way).

How many thousands of security vulnerabilities has Windows had over the years? 