"Shellshock" bash bug
Gene Heskett
gheskett at wdtv.com
Sat Sep 27 13:00:44 UTC 2014
On Saturday 27 September 2014 08:39:53 Robert Heller did opine
And Gene did reply:
> > > > We are being told by the finders that no login is needed.
> > >
> > > True, it seems that web server and dhcp can also be attacked,
> > > however since only port 22 is open and dhcp is from my router then
> > > it seems I am safe, provided the router is clean.
> > >
> > > Cheers
> > >
> > > Colin
> >
> > You aren't remembering that the router itself is using a dhcp client
> > to get its network address from your ISP's servers. That could make
> > it vulnerable.
>
> If the ISP's servers were hacked.
Precisely my point Robert. And at this time, we've no knowledge of how
prevalent that might be.
But I'd make the comment that those are generally full blown installs,
with as yet unknown numbers of attackable "low hanging fruit". With the
success of this one against linux like installs, I expect we WILL see more
of these specialized attacks.
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>
US V Castleman, SCOTUS, Mar 2014 is grounds for Impeaching SCOTUS
More information about the ubuntu-users
mailing list