Skip to main content

Home/ Future of the Web/ Group items tagged bash

Rss Feed Group items tagged

Gonzalo San Gil, PhD.

Free Software Foundation statement on the GNU Bash "shellshock" vulnerability - Free So... - 0 views

  •  
    "by Free Software Foundation - Published on Sep 25, 2014 04:51 PM A major security vulnerability has been discovered in the free software shell GNU Bash. The most serious issues have already been fixed, and a complete fix is well underway. GNU/Linux distributions are working quickly to release updated packages for their users. All Bash users should upgrade immediately, and audit the list of remote network services running on their systems. " [# ! + http://security.stackexchange.com/questions/68168/is-there-a-short-command-to-test-if-my-server-is-secure-against-the-shellshock-b]
  •  
    "by Free Software Foundation - Published on Sep 25, 2014 04:51 PM A major security vulnerability has been discovered in the free software shell GNU Bash. The most serious issues have already been fixed, and a complete fix is well underway. GNU/Linux distributions are working quickly to release updated packages for their users. All Bash users should upgrade immediately, and audit the list of remote network services running on their systems. "
Gonzalo San Gil, PhD.

Cómo una vulnerabilidad en Bash de Linux, OS X y *NIX es un gran problema de ... - 0 views

  •  
    "Si alguna vez habéis trabajado con OS X o Linux, seguro que conocéis bash. Es la terminal por defecto de estos sistemas, donde ponemos los comandos que queremos ejecutar. Es el espacio de trabajo, el equivalente al escritorio cuando usamos el ratón."
Gonzalo San Gil, PhD.

Heartbleed Was Bad, but Shellshock Was Worse, Researcher Says - 0 views

  •  
    "Both the Heartbleed and Shellshock bugs were open-source flaws found in many Linux distributions, and both had the potential to impact OpenStack cloud users. Heartbleed is a flaw in the OpenSSL crytographic library for secure transport while Shellshock is a vulnerability in the Bash shell." [# ! At least... # ! … #OpenSource #community were #warned# ! and the #flaws were #solved…. among @ll. # ! #imagine how many flaws live in the #proprietary #closed #source# ! #unaware #users' #software…]
  •  
    "Both the Heartbleed and Shellshock bugs were open-source flaws found in many Linux distributions, and both had the potential to impact OpenStack cloud users. Heartbleed is a flaw in the OpenSSL crytographic library for secure transport while Shellshock is a vulnerability in the Bash shell."
Gonzalo San Gil, PhD.

An Open Source Solution to Shellshock - eSecurity Planet - 0 views

  •  
    "An open source tool can mitigate risks associated with Bash shell attack. By Sean Michael Kerner | Posted October 01, 2014"
  •  
    "An open source tool can mitigate risks associated with Bash shell attack. By Sean Michael Kerner | Posted October 01, 2014"
Gonzalo San Gil, PhD.

Comcast seeks to fix awful customer service, admits "it may take a few years" | Ars Tec... - 1 views

  •  
    [# The '#Piracy' #blamers start to speak... and rectify.] "Comcast executive Charlie Herrin is aiming to improve Comcast's legendarily poor customer service. Comcast After months of getting bashed for treating customers poorly, Comcast today said it's going to make improving customer service its "number one priority." But the company admitted that "it may take a few years before we can honestly say that a great customer experience is something we're known for.""
  •  
    [# The '#Piracy' #blamers start to speak... and rectify.] "Comcast executive Charlie Herrin is aiming to improve Comcast's legendarily poor customer service. Comcast After months of getting bashed for treating customers poorly, Comcast today said it's going to make improving customer service its "number one priority." But the company admitted that "it may take a few years before we can honestly say that a great customer experience is something we're known for.""
Gonzalo San Gil, PhD.

How To Find My Public IP Address From Command Line On a Linux - 0 views

  •  
    "How do I find out my public IP address on the Linux and OS X Unix command line to use with my own bash shell script without using third party web site? Is there command-line option which will show my dynamic IP address on a Ubuntu or Fedora Linux?"
Paul Merrell

He Was a Hacker for the NSA and He Was Willing to Talk. I Was Willing to Listen. - 2 views

  • he message arrived at night and consisted of three words: “Good evening sir!” The sender was a hacker who had written a series of provocative memos at the National Security Agency. His secret memos had explained — with an earthy use of slang and emojis that was unusual for an operative of the largest eavesdropping organization in the world — how the NSA breaks into the digital accounts of people who manage computer networks, and how it tries to unmask people who use Tor to browse the web anonymously. Outlining some of the NSA’s most sensitive activities, the memos were leaked by Edward Snowden, and I had written about a few of them for The Intercept. There is no Miss Manners for exchanging pleasantries with a man the government has trained to be the digital equivalent of a Navy SEAL. Though I had initiated the contact, I was wary of how he might respond. The hacker had publicly expressed a visceral dislike for Snowden and had accused The Intercept of jeopardizing lives by publishing classified information. One of his memos outlined the ways the NSA reroutes (or “shapes”) the internet traffic of entire countries, and another memo was titled “I Hunt Sysadmins.” I felt sure he could hack anyone’s computer, including mine. Good evening sir!
  • The sender was a hacker who had written a series of provocative memos at the National Security Agency. His secret memos had explained — with an earthy use of slang and emojis that was unusual for an operative of the largest eavesdropping organization in the world — how the NSA breaks into the digital accounts of people who manage computer networks, and how it tries to unmask people who use Tor to browse the web anonymously. Outlining some of the NSA’s most sensitive activities, the memos were leaked by Edward Snowden, and I had written about a few of them for The Intercept. There is no Miss Manners for exchanging pleasantries with a man the government has trained to be the digital equivalent of a Navy SEAL. Though I had initiated the contact, I was wary of how he might respond. The hacker had publicly expressed a visceral dislike for Snowden and had accused The Intercept of jeopardizing lives by publishing classified information. One of his memos outlined the ways the NSA reroutes (or “shapes”) the internet traffic of entire countries, and another memo was titled “I Hunt Sysadmins.” I felt sure he could hack anyone’s computer, including mine.
  • I got lucky with the hacker, because he recently left the agency for the cybersecurity industry; it would be his choice to talk, not the NSA’s. Fortunately, speaking out is his second nature.
  • ...7 more annotations...
  • He agreed to a video chat that turned into a three-hour discussion sprawling from the ethics of surveillance to the downsides of home improvements and the difficulty of securing your laptop.
  • In recent years, two developments have helped make hacking for the government a lot more attractive than hacking for yourself. First, the Department of Justice has cracked down on freelance hacking, whether it be altruistic or malignant. If the DOJ doesn’t like the way you hack, you are going to jail. Meanwhile, hackers have been warmly invited to deploy their transgressive impulses in service to the homeland, because the NSA and other federal agencies have turned themselves into licensed hives of breaking into other people’s computers. For many, it’s a techno sandbox of irresistible delights, according to Gabriella Coleman, a professor at McGill University who studies hackers. “The NSA is a very exciting place for hackers because you have unlimited resources, you have some of the best talent in the world, whether it’s cryptographers or mathematicians or hackers,” she said. “It is just too intellectually exciting not to go there.”
  • The Lamb’s memos on cool ways to hunt sysadmins triggered a strong reaction when I wrote about them in 2014 with my colleague Ryan Gallagher. The memos explained how the NSA tracks down the email and Facebook accounts of systems administrators who oversee computer networks. After plundering their accounts, the NSA can impersonate the admins to get into their computer networks and pilfer the data flowing through them. As the Lamb wrote, “sys admins generally are not my end target. My end target is the extremist/terrorist or government official that happens to be using the network … who better to target than the person that already has the ‘keys to the kingdom’?” Another of his NSA memos, “Network Shaping 101,” used Yemen as a theoretical case study for secretly redirecting the entirety of a country’s internet traffic to NSA servers.
  • “If I turn the tables on you,” I asked the Lamb, “and say, OK, you’re a target for all kinds of people for all kinds of reasons. How do you feel about being a target and that kind of justification being used to justify getting all of your credentials and the keys to your kingdom?” The Lamb smiled. “There is no real safe, sacred ground on the internet,” he replied. “Whatever you do on the internet is an attack surface of some sort and is just something that you live with. Any time that I do something on the internet, yeah, that is on the back of my mind. Anyone from a script kiddie to some random hacker to some other foreign intelligence service, each with their different capabilities — what could they be doing to me?”
  • “You know, the situation is what it is,” he said. “There are protocols that were designed years ago before anybody had any care about security, because when they were developed, nobody was foreseeing that they would be taken advantage of. … A lot of people on the internet seem to approach the problem [with the attitude of] ‘I’m just going to walk naked outside of my house and hope that nobody looks at me.’ From a security perspective, is that a good way to go about thinking? No, horrible … There are good ways to be more secure on the internet. But do most people use Tor? No. Do most people use Signal? No. Do most people use insecure things that most people can hack? Yes. Is that a bash against the intelligence community that people use stuff that’s easily exploitable? That’s a hard argument for me to make.”
  • I mentioned that lots of people, including Snowden, are now working on the problem of how to make the internet more secure, yet he seemed to do the opposite at the NSA by trying to find ways to track and identify people who use Tor and other anonymizers. Would he consider working on the other side of things? He wouldn’t rule it out, he said, but dismally suggested the game was over as far as having a liberating and safe internet, because our laptops and smartphones will betray us no matter what we do with them. “There’s the old adage that the only secure computer is one that is turned off, buried in a box ten feet underground, and never turned on,” he said. “From a user perspective, someone trying to find holes by day and then just live on the internet by night, there’s the expectation [that] if somebody wants to have access to your computer bad enough, they’re going to get it. Whether that’s an intelligence agency or a cybercrimes syndicate, whoever that is, it’s probably going to happen.”
  • There are precautions one can take, and I did that with the Lamb. When we had our video chat, I used a computer that had been wiped clean of everything except its operating system and essential applications. Afterward, it was wiped clean again. My concern was that the Lamb might use the session to obtain data from or about the computer I was using; there are a lot of things he might have tried, if he was in a scheming mood. At the end of our three hours together, I mentioned to him that I had taken these precautions—and he approved. “That’s fair,” he said. “I’m glad you have that appreciation. … From a perspective of a journalist who has access to classified information, it would be remiss to think you’re not a target of foreign intelligence services.” He was telling me the U.S. government should be the least of my worries. He was trying to help me. Documents published with this article: Tracking Targets Through Proxies & Anonymizers Network Shaping 101 Shaping Diagram I Hunt Sys Admins (first published in 2014)
Gonzalo San Gil, PhD.

Linux Command Line Cheat Sheet by DaveChild - Cheatography.com: Cheat Sheets For Every ... - 0 views

  •  
    "A cheat sheet of the commands I use most for Linux, with popup links to man pages." [# ! Bacause a Huge #Memory... # ! ...is not all # ! that makes a (#Free) #Techie... # ! ✌☺]
  •  
    "A cheat sheet of the commands I use most for Linux, with popup links to man pages."
Gonzalo San Gil, PhD.

Getting started with commandline encryption tools on Linux - 1 views

  •  
    "1 Introduction Encryption is the process of encoding messages or information in such a way that only authorized parties can read them. With almost no privacy in this digital generation of our's, encryption of our data is one of the most required tools. "
  •  
    "1 Introduction Encryption is the process of encoding messages or information in such a way that only authorized parties can read them. With almost no privacy in this digital generation of our's, encryption of our data is one of the most required tools. "
1 - 9 of 9
Showing 20 items per page