[clug] Security talk and the bash 'shellshock' vulnerability

Paul Wayper paulway at mabula.net
Fri Sep 26 06:41:39 MDT 2014


Hi all,

Last night we had (what I thought was) a really good discussion of computer
security.  We roamed from the general observations about whether it is
indeed possible to prevent anything from being attacked, to the specific
question of ways to be secure when using your computer (in short: use Linux,
keep anything you use to access the internet up to date, and be sceptical).
I also discovered that the new top box on my motorbike can fit seven pizzas
and three garlic breads :-)

We also talked about the fortuitously timed[1] bash 'shellshock'
vulnerability.  It's a complex beast, since it's difficult to exploit but
some of the things that can be exploited are exactly the kind of
internet-facing web services that are already under attack.  My own
understanding is that unless you're running a web server on your home
machine, then you're really not likely to get attacked with this any time soon.

But, as it came up in conversation at work today, and because I know Bob
will be asking "What about SELinux" :-), I thought I'd mention Dan Walsh's
excellent review of what SELinux can and cannot prevent in this attack:

http://danwalsh.livejournal.com/71122.html

Have fun,

Paul

