Bigger than Heartbleed
Posted:
Thu Sep 25, 2014 7:44 am
by The Dharma Bum
Re: Bigger than Heartbleed
Posted:
Thu Sep 25, 2014 10:58 pm
by phosphide
For desktop and servers this won't be an issue here soon. As for everything else that doesn't get updated on a regular basis, ya, you can get screwed.
Re: Bigger than Heartbleed
Posted:
Thu Sep 25, 2014 11:32 pm
by The Dharma Bum
Half of the net is running Apache, BASH is probably the most installed utility on any LINUX system.
Shellshock is being rated 10 out of 10, the worst it can get.
http://web.nvd.nist.gov/view/vuln/detai ... -2014-6271
latest stats from Netcraft:
http://news.netcraft.com/archives/2014/ ... urvey.html
Re: Bigger than Heartbleed
Posted:
Fri Sep 26, 2014 8:32 pm
by Aaron
not a concern unless you use advanced UNIX tools. Which is nearly no one.
Re: Bigger than Heartbleed
Posted:
Fri Sep 26, 2014 9:44 pm
by The Dharma Bum
Re: Bigger than Heartbleed
Posted:
Sat Sep 27, 2014 9:51 am
by Aaron
Something tells me Apple has probably figured out how to do that
Re: Bigger than Heartbleed
Posted:
Sat Sep 27, 2014 9:11 pm
by The Dharma Bum
i can't wait to see how this plays out
Re: Bigger than Heartbleed
Posted:
Sun Sep 28, 2014 6:52 am
by Mr.Bill
Snail Mail and the Post Office aren't going anywhere.
Heartbleed... Bash Bug... Target... Home Depot. All just in the past 6-9 months. I do a lot of my business and bill paying on the Internet.. Quite honestly I'm beginning to waver.
Re: Bigger than Heartbleed
Posted:
Tue Sep 30, 2014 1:51 pm
by uebermann
Patched our old Fedora 10 server yesterday. Just had to download the most up-to-date version of bash 4.2, patch it, then install. Looks like we're clear now. Not that I think anyone would have hacked us but still, don't want that possibility existing.
I will tell an embarrassing story though. I forgot that I had (years ago) installed PHPBB on our server to play with the code and stupidly left the damn thing on. I noticed a bunch of odd httpd traffic when I knew we should have none. I tailed the logs and saw people hitting a phpbb forum on our server and was like wtf. I went to it to see something absurd like 200k posts. About 10 bots were actively posting in the only thread available. A post every few seconds.
I shut it down and after about 30 minutes, they all gave up heh.
I watch logs all the time but only for strange things going on. HTTP traffic isn't exactly strange so I've never really watched it that closely. Live and learn. Or something.
Re: Bigger than Heartbleed
Posted:
Tue Sep 30, 2014 8:15 pm
by The Dharma Bum
lol most interesting, an inadvertent honey pot
are you familiar with secunia? I don't know if there is a server version but it helps keep my laptop patched up
all kinds of stuff you wouldn't think of like python scripts from old ass games etc.