Forums

The forums ran from 2008-2020 and are now closed and viewable here as an archive.

Home Forums Other Everybody needs to update Bash.

  • This topic is empty.
Viewing 10 posts - 1 through 10 (of 10 total)
  • Author
    Posts
  • September 26, 2014 at 12:24 pm #184813
    nixnerd
    Participant

    I’m sure you’ve all heard of “Shellshock” by now. Everyone who uses a Mac or Linux needs to update Bash… unless you want to have remote commands being run on your machine. This goes for servers as well as desktops and laptops. Not sure if this affects ZSH… I don’t think too many people here use it but it couldn’t hurt to update as well. Be safe out there.

    September 26, 2014 at 12:25 pm #184814
    chrisburton
    Participant

    Did yesterday and today.

    But read this: http://security.stackexchange.com/a/68250

    September 26, 2014 at 12:46 pm #184815
    nixnerd
    Participant

    This seems like a much bigger deal for servers. But… can’t hurt on the personal machines.

    September 26, 2014 at 3:37 pm #184818
    chrisburton
    Participant

    @TheDoc You’re not with StableHost anymore? By the way, is Digital Ocean managed?

    September 26, 2014 at 3:38 pm #184819
    TheDoc
    Member

    @TheDoc You’re not with StableHost anymore? By the way, is Digital Ocean managed?

    I still have stuff on StableHost. Slowly moving stuff over to D/O. I want to get better at managing my own server and it provides a nice middle step.

    September 27, 2014 at 1:38 pm #184863
    nixnerd
    Participant

    is Digital Ocean managed?

    No. Digital Ocean is really nice though. I really have nothing bad to say about it.

    September 29, 2014 at 9:26 am #184959
    Robby
    Participant

    I just checked on my Ubuntu server, looks like I need to update. Not sure why I didn’t hear about this till now!

    Thanks.

    September 29, 2014 at 1:03 pm #184978
    nixnerd
    Participant

    Not sure why I didn’t hear about this till now!

    Do you read Y Combinator’s Hacker News? If not, that’s why.

    September 29, 2014 at 1:21 pm #184982
    chrisburton
    Participant

    No.

    Ah. I’ll stick with Ramnode for now if it’s not managed. I do like how Digital Ocean is active in the community with tutorials, etc. Ramnode pretty much forces you to login to the IRC channel with hope that someone helps you.

    Do you read Y Combinator’s Hacker News? If not, that’s why.

    The way in which I found out was through Twitter (Josh Lockhart retweeted the vuln.).

    Side Story:

    When I was having trouble installing HHVM, I was checking error logs and accidentally clicked on access_logs and discovered someone was already testing the vulnerability on my server.

    September 29, 2014 at 1:24 pm #184983
    nixnerd
    Participant

    When I was having trouble installing HHVM, I was checking error logs and accidentally clicked on access_logs and discovered someone was already testing the vulnerability on my server.

    Yeah, that doesn’t surprise me at all.

  • Author
    Posts
Viewing 10 posts - 1 through 10 (of 10 total)
  • The forum ‘Other’ is closed to new topics and replies.