BASH "Shell Shock"

[Kick]

The potential problems this recent revelation highlights are immense. I set up a dual boot Puppy Linux Precise 5.7.1 / Windows XP Pro arrangement earlier this year in order to provide safer internet activity in the light of Microsoft support for XP finishing - how ironic. But of course the bash problem goes beyond one for home users of Linux based systems because so many online servers utilize bash as does much smart technology.

I'm keeping an eye open with regard to what I should do for my own system, advice so far is varied and not entirely clear for a user of only limited understanding of the underlying structure and workings of Linux.

Apparently this weakness in bash has been around for 25 years but only just identified. Patches are being produced and then patches to patch the patches - how far this will escalate one just doesn't know. Some advise stopping all online purchasing for the time being which would have a major effect on the the online economy.

How much of this is over the top scaremongering, who knows and how much protection normal security software on home systems will provide is not clear. We must all be vigilant of course but let's hope the IT boffins find a solution soon before the bash weaknesses are exploited any more.

 

[AWS]

It's a major issue. All routers run firmware which uses bash shell for configuration. Cisco was first to release a fix although some say the fix really doesn't work. Redhat released a fix and then later said the fix might not work and released another which some say still doesn't fix the issue.

We will see in the coming days the effects of this.

 

[Kick]

AWS, I suppose we just have to be patient but it's a bit of a worry for us home users with only a minimum of background knowledge. Regarding your point about routers, my desktops connect to the internet via a ZyXEL ADSL modem with wifi although I do not use the wifi (it's not switched on) but use only the only ethernet wired connections, is this likely to use firmware utilizing bash and if so, would an update come through automatically or would I have to sort this myself?

 

[AWS]

If it's supplied by the ISP then they will have to push an update. If you use a router behind theirs then you'll have to check the manufacturers site for updated firmware. You should check with your ISP. Some will only push the update when you reboot the router. Some will push it automatically and force a reboot.

Comcast pushed an update the the Cisco they supply me. I had to download the updates for my routers behind the Cisco. The Comcast supplied router is set to bridge and I do the real routing behind it with my own equipment.

 

[Kick]

Thanks AWS, I have been trying to contact my ISP but they seem swamped and there are lengthy waiting times - I will try again now. I only use the unit they provided so I will hear what they have to say.

Regards Kick

P.S. I'm not a golf fan but, in case you are, please accept my condolences regarding the Ryder Cup.

 

[AWS]

I'm not either, but, I do follow the Ryder Cup. Seems the last few years you've had our number.

 

[Kick]

True but you've done rather better than us in the last two soccer World Cup tournaments and I doubt we could beat you at cricket nowadays