Over 500 MILLION servers could be affected: What You Need to Know About the Bash Software Bug

The Bash software bug, which could affect more than half of all web servers, is being called the most serious cybersecurity threat ever by some security experts.
1. Who's affected?

2. What could hackers do using Bash?

3. How can it be fixed?

The short, to the point article is here, What You Need to Know About the Bash Software Bug | Fox Business.

Joe Mobley
  • seasoned
    OK, there are some lies and half truths there, and this may be 100% FALSE!!!!!!

    BASH isn't "part of unix". It is an open source version of an old shell called the Bourne Shell. The Bourne shell is an old shell that is MUCH older and is just called sh. Since it was proprietary, they created a play on words and called the new shell the "Born Again SHell", or bash, for short.

    Can you do anything with it? CERTAINLY! THAT is why hackers tried the old buffer overload trick. They could get to the shell (BORN is one of SEVERAL), and do ANYTHING they pleased, within the user's rights. That IS what the shell is for!

    THAT is why many companies create special users that have virtually NO access, and NO shell, so they can run servers. So if the program crashes, the hacker may end up NOPLACE! The user is often called "nobody"! Unfortunately, on shared systems, customers can't have that, as they then wouldn't be able to do anything.

    SOME companies now provide Linux, which often uses bash. SOME companies have changed sh to bash. But SOME UNIX versions still have SH.

    NOW, and this is important...... Almost *******ALL******* the shells, sh, bash, csh, zsh, etc... will do almost ANYTHING! ALL can be broken into! So is this REALLY some undefined bug that affects ONLY bash and not the others? ********HIGHLY******** unlikely! You do NOT get into the shell until login is passed, or you break through OTHER software. Is it simply an overbroad view of the potential of damage done by a broad breach?

    There IS a problem that was identified over like 18 years ago that affects bash, as well as many others, done if you use it to directly process CGI, and that is the reason why so few use it there.

    Steve
    • David Beroff
      Originally Posted by seasoned

      OK, there are some lies and half truths there, and this may be 100% FALSE!!!!!!

      BASH isn't "part of unix"....
      Steve, I have to step in here for a second. While, from a very pedantic standpoint, you may be completely correct, I respectfully pose that your approach may be doing a disservice to your readers.

      News reporters need to be able to communicate stories to a wide range of people. If experts tell them something like, "Bash is software typically found on Unix systems", I feel it's perfectly reasonable for them to shorten that to, "Bash is part of Unix". I don't feel that this makes it a lie or 100% false. The overall idea is to communicate that there's a problem, which is true.

      If an article is aimed at system administrators who need to know specific technical details, then fine, accuracy is far more important. While I'm amused that I'm actually defending Fox News, my point is that this article is entitled, "What You Need to Know About the Bash Software Bug", as in "you", the general public. And in that sense, the article is doing a fine job of painting the broad strokes that it should.
  • seasoned
    BTW it turns out they call this shellshock. I looked at several sites, and it appears to somehow or other give the wrong rights. I STILL think it may be something akin to the cache overflow flaw. They mentioned mod.sh in apache, and ssh.

    David, you might be right, but I was actually kind of defending UNIX, and some companies.

    Steve