Slackware Security Advisory – New bash packages are available for Slackware 13.0 to fix a security issue.
Monthly Archives: September 2014
FBI Boss Concerned By Smartphone Encryption Plans
Hackers Caught Exploiting Shellshock Bash Vulnerability
Researchers Believe They Can Predict Malware Domains
Facebook's Fight Against Search Warrants Gets Court Go-Ahead
The Boletos Fraud: An Online Threat to Offline Users
Hakabana 0.2.1
Hakabana is an open source monitoring tool that helps you visualize network traffic using Haka and Kibana.
[ MDVSA-2014:190 ] bash
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2014:190 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : bash Date : September 26, 2014 Affected: Business Server 1.0 _______________________________________________________________________ Problem Description: It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue (CVE-2014-7169). Additionally bash has been updated from patch level 37 to 48
Shellshock, the security hole in Bash that affects Linux and OS X
A security hole has been discovered in Bash that jeopardizes the security of Linux and Mac users. This vulnerability, dubbed ‘Shellshock’, affects the command interpreter in these operating systems.
So what does this mean? To give you an idea, this flaw could allow a cyber-criminal to remotely access a system using Bash and insert spyware designed to steal confidential information or even take control of the system.
The hole was discovered by Stephane Schazeblas and it would appear that it is more serious than Heartbleed, the vulnerability discovered in the OpenSSL library last April. According to the CVSS rating of the security hole, Shellshock has a score of 10, while Heartbleed was rated 5.
What can you do to protect yourself from the Bash vulnerability? Update your software and keep your operating system up-to-date.
* Many thanks to our colleague from Critical Malware, Daniel Garcia, for his help.
The post Shellshock, the security hole in Bash that affects Linux and OS X appeared first on MediaCenter Panda Security.
Week in security: Bash Bug, BlackEnergy and hoax attacks
This week, a serious software vulnerability, which rapidly became known as the ‘Bash Bug’ or ‘Shellshock’ dominated the headlines, as two other faked news stories showed that hoaxes can fool the world very easily these days.
The post Week in security: Bash Bug, BlackEnergy and hoax attacks appeared first on We Live Security.
