Serious Bash Flaw affects *nix, Mac OS X, and IoT
Normally, my weekly video covers a number of important information and network security stories, in order to keep you informed of the latest threats. However, this week one story is so important I give it the primary focus.
Today’s show covers the critical “Shellshock” vulnerability in Bash. If you use Unix, Linux, or Mac systems, or any other embedded device that might run Linux, you’ll want to watch this episode to learn how this flaw affects you. Click play for more details.
Oh, and don’t forget WatchGuard appliances aren’t affected, and our IPS can protect you. Enjoy your weekend!
(Episode Runtime: 9:23)
Direct YouTube Link: https://www.youtube.com/watch?v=f6X5-bxj-Mw
Episode References:
- US-CERT alert on Bash flaw – US-CERT
- WatchGuard post on Shellshock – WGSC
- Everything you wanted to know about Shellshock – Troy Hunt
- Great proof of concept example, including exploiting Apache server – Oleass blog
- Shellshock DHPC server PoC – TrustedSec
Extras:
I’m skipping the extra stories this week so you focus on taking care of the Bash flaw.
— Corey Nachreiner, CISSP (@SecAdept)
Thanks for posting this! It is EXACTLY what I was looking for. Keep the great content coming!
Thanks
If you are an OS X user, Apple released their update for the Bash flaw. You can find links for it here:
http://thenextweb.com/apple/2014/09/29/apple-releases-bash-update-lion-mavericks/
I don’t think it has been added to automatic updates, so you have to install it manually.
Cheers,
Corey