[clug] Security talk and the bash 'shellshock' vulnerability
paulway at mabula.net
Fri Sep 26 06:41:39 MDT 2014
Last night we had (what I thought was) a really good discussion of computer
security. We roamed from the general observations about whether it is
indeed possible to prevent anything from being attacked, to the specific
question of ways to be secure when using your computer (in short: use Linux,
keep anything you use to access the internet up to date, and be sceptical).
I also discovered that the new top box on my motorbike can fit seven pizzas
and three garlic breads :-)
We also talked about the fortuitously timed bash 'shellshock'
vulnerability. It's a complex beast, since it's difficult to exploit but
some of the things that can be exploited are exactly the kind of
internet-facing web services that are already under attack. My own
understanding is that unless you're running a web server on your home
machine, then you're really not likely to get attacked with this any time soon.
But, as it came up in conversation at work today, and because I know Bob
will be asking "What about SELinux" :-), I thought I'd mention Dan Walsh's
excellent review of what SELinux can and cannot prevent in this attack: