Thursday, September 25, 2014

Shellshock - A BASH bug that affects Linux and Mac OSX ... and everyone on the web

Yeah, scaremongering isn't the best.  Luckily for those of us who run Linux, the fix is easy.

It also affects some Mac systems, although you will need to test and get your own upgrades.

It is possible that it affects Android systems as well.  I did the test on my tablet running CyanogenMod this morning and it was safe.  Your Mileage May Vary.

How this affects Windows is straightforward: it's another one of those low-level things in a web server that can bite us later, and since Linux powers many websites, you are affected indirectly.  Think of what the Heartbleed problem was and how you went in and changed all your passwords to protect yourself.  It's a good idea to start changing them again!

The bug is called "Shellshock".  The specifics are that it allows a ne'er-do-well to hack into an unpatched Linux server and gain full control via something called the BASH shell.  That is a bad thing because with control over bash, you can gain full control of the entire computer.

There is a test and a full explanation of all the geekery under the hood at www.ArsTechnica.com if you care to dig deeper.  Basically, just go in and do a full update of your machine and make sure you see bash updated.

The test is this line in a terminal:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If the system is vulnerable, the output will be:

vulnerable
this is a test

An unaffected (or patched) system will output:

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
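As an added example (this is not code from the original post), here is that same one-line test wrapped in a small POSIX shell script that reports a clear result and an exit status, so you can run it before and after an upgrade, or call it from a script that checks several machines. The function names (shellshock_status, shellshock_bash_version, shellshock_check) are invented for this example; it assumes only that `env` and, if installed, `bash` are on the PATH. Note that it swallows the warning lines a patched bash prints on stderr and looks only at stdout for the word "vulnerable".

```shell
#!/bin/sh
# Added example (not from the original post): wraps the post's one-line
# Shellshock test so it can be run as a check with a clear result and
# an exit status, e.g. from cron or a fleet-wide inventory script.

# Prints one of: vulnerable, patched, no-bash
shellshock_status() {
    # Nothing to test if bash is not installed at all (some Android and
    # minimal systems ship without it).
    if ! command -v bash >/dev/null 2>&1; then
        echo "no-bash"
        return 0
    fi

    # The post's test: export a specially shaped variable and start a new
    # bash. An unpatched bash parses the trailing command out of the
    # variable and runs it, printing "vulnerable"; a patched bash refuses
    # the definition and prints a warning on stderr instead (hidden here).
    out=$(env x='() { :;}; echo vulnerable' bash -c "echo this is a test" 2>/dev/null)

    case "$out" in
        *vulnerable*) echo "vulnerable" ;;
        *)            echo "patched" ;;
    esac
}

# Version string of the bash that was tested, for the record
shellshock_bash_version() {
    command -v bash >/dev/null 2>&1 || { echo "none"; return 0; }
    bash -c 'printf "%s\n" "$BASH_VERSION"'
}

# Prints a one-line report; the exit status mirrors the result so the
# function can gate other steps: 0 = patched or no bash, 1 = vulnerable
shellshock_check() {
    status=$(shellshock_status)
    printf "bash %s: %s\n" "$(shellshock_bash_version)" "$status"
    [ "$status" != "vulnerable" ]
}

# Run the check when the script is executed directly
shellshock_check
```

Run it once, apply the update, then run it again; the second run should report "patched" and exit 0.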


Mac OSX is based on something called BSD, and bash comes with it as the shell in its terminal.  If you have an older Mac that is acting as a server, look into a patch.

I personally did the fix last night on my Debian system while I was half asleep.  Really trivial to fix.

In a root terminal -

apt-get update
apt-get upgrade

It went out and updated my list of available updates, then upgraded those that needed it.  The package "bash" was included.

CentOS came up this morning with a bubble telling me to install updates.  It worked.  No problem.

I tried it out on my Raspberry Pi machine and yes, that was affected.  The patch worked, and the picture is below.



Here's the thing: it may affect Android tablets and phones depending on whether bash is installed.  It's a very basic and well-known tool, so you will need to make sure you can patch the tablets.

However, it's highly unlikely that some average dude walking down the street with a year-old Android phone with an unpatched system will have a problem.  Someone would have to know you're there, get into your machine, and do the hack to gain control.  You aren't the person they would be looking for; it's that big web server sitting somewhere like a store or a bank that they're going to hack.

Just accept the updates if you have manual control of whatever computer you are using, phones and tablets included.

If you are "going into" your machine, set your update preferences to allow security updates automatically while you're at it, since that makes it easier to administer the machines.
