Skip to main content

Home/ Indie Nation/ Group items tagged command

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
John Lemke

Shellshock: Code injection vulnerability found in Bash | LIVE HACKING - 0 views

www.livehacking.com/...on-vulnerability-found-in-bash

2014.09.29-TNN code bash hacking indienationnews 2014 technology tech security

shared by John Lemke on 26 Sep 14 - No Cached
  • A code injection vulnerability in the Bourne again shell (Bash) has been disclosed on the internet. If exploited then arbitrary commands can be executed, and where Bash is used in relation to a network service, for example in CGI scripts on a web server, then the vulnerability will allow remote code execution.
  • The problem is that Bash does not stop after processing the function definition; it continues to parse and execute any shell commands following the function definition
  • The vulnerability is deemed as critical because Bash is used widely on many types of UNIX-like operating systems including Linux, BSD, and Mac OS X.
  • ...1 more annotation...
  • The most prominent attack vector is via HTTP requests sent to CGI scripts executed by Bash. Also, if SSH has been configured to allow remote users to run a set of restricted commands, like rsync or git, this bug means that an attacker can use SSH to execute any command and not just the restricted command.
John Lemke

Hackers Using 'Shellshock' Bash Vulnerability to Launch Botnet Attacks - 0 views

thehackernews.com/...ash-Vulnerability-exploit.html

2014.09.29-TNN indienationnews vulnerability bash hackers security vunerability

shared by John Lemke on 27 Sep 14 - No Cached
  • Researchers on Thursday discovered a critical remotely exploitable vulnerability in the widely used command-line shell GNU Bourne Again Shell (Bash), dubbed "Shellshock" which affects most of the Linux distributions and servers worldwide, and may already have been exploited in the wild to take over Web servers as part of a botnet that is currently trying to infect other servers as well.
  • the vulnerability is already being used maliciously by the hackers.
  • There is as of yet no official patch that completely addresses both vulnerabilities, including the second, which allows an attacker to overwrite files on the targeted system.
  • ...3 more annotations...
  • It's things like CGI scripts that are vulnerable, deep within a website (like CPanel's /cgi-sys/defaultwebpage.cgi)," Graham wrote in a blog post. "Getting just the root page is the thing least likely to be vulnerable. Spidering the site and testing well-known CGI scripts (like the CPanel one) would give a lot more results—at least 10x." In addition, Graham said, "this thing is clearly wormable and can easily worm past firewalls and infect lots of systems. One key question is whether Mac OS X and iPhone DHCP service is vulnerable—once the worm gets behind a firewall and runs a hostile DHCP server, that would be 'game over' for large networks."
  • 32 ORACLE PRODUCTS VULNERABLE
  • PATCH ISSUED, BUT INCOMPLETE
  • John Lemke on 27 Sep 14
     
    "Researchers on Thursday discovered a critical remotely exploitable vulnerability in the widely used command-line shell GNU Bourne Again Shell (Bash), dubbed "Shellshock" which affects most of the Linux distributions and servers worldwide, and may already have been exploited in the wild to take over Web servers as part of a botnet that is currently trying to infect other servers as well."
John Lemke

Commander Hadfield's Amazing Cover Of David Bowie's Space Oddity Disappears Today, Than... - 0 views

www.techdirt.com/...oday-thanks-to-copyright.shtml

indienationnews 2014 cover copyright copywrong major tom David Bowie IN-

shared by John Lemke on 13 May 14 - No Cached
  • Commander Hadfield posted on Twitter this morning that today is the last day for the video online, because they only had a license to use it for one year.
  • It's got over 22 million views, and it's about to go away... because of copyright and the idea that everything needs to be licensed.
  • One would hope that David Bowie (and/or whoever else holds the copyrights in question) would recognize just how insanely bad this looks and would "grant" a perpetual free license to keep this video online. Bowie, himself, has had a rather progressive view of copyright for many years. Back in 2002, for example, Bowie declared that "I'm fully confident that copyright, for instance, will no longer exist in 10 years, and authorship and intellectual property is in for such a bashing," and further noting that this is "terribly exciting."
  • John Lemke on 13 May 14
     
    What a shame. Especially since he did a great job with the cover.
John Lemke

Java-based malware driving DDoS botnet infects Windows, Mac, Linux devices | Ars Technica - 0 views

arstechnica.com/...ects-windows-mac-linux-devices

2014 malware ddos windows mac linux technology tech security botnet

shared by John Lemke on 29 Jan 14 - No Cached
  • takes hold of computers by exploiting CVE-2013-2465, a critical Java vulnerability that Oracle patched in June. The security bug is present on Java 7 u21 and earlier. Once the bot has infected a computer, it copies itself to the autostart directory of its respective platform to ensure it runs whenever the machine is turned on. Compromised computers then report to an Internet relay chat channel that acts as a command and control server.
  • The botnet is designed to conduct distributed denial-of-service attacks on targets of the attackers' choice. Commands issued in the IRC channel allow the attackers to specify the IP address, port number, intensity, and duration of attacks.
John Lemke

Neon Goat MP3 Report Generator - 0 views

mp3report.sourceforge.net

IDtags ubuntu windows utility tagging html sound neon 2011 report generator

shared by John Lemke on 22 Jun 11 - No Cached
  • John Lemke on 22 Jun 11
     
    This command line program will generate an HTML list of directories for mp3.  This is exactly what I was looking for and it also has a windows version
John Lemke

Want to remotely control a car? $20 in parts, some oily fingers, and you're in command ... - 0 views

www.theregister.co.uk/...ome_oily_fingers_and_its_yours

2014 control car hack security automobile indienationnews

shared by John Lemke on 08 Feb 14 - No Cached
  • untraceable, off-the-shelf parts worth $20 that can give wireless access to the car's controls while it's on the road.
  • Illera and fellow security researcher Javier Vazquez-Vidal said that they had tested the CAN Hacking Tool (CHT) successfully on four popular makes of cars and had been able to apply the emergency brakes while the car was in motion, affect the steering, turn off the headlights, or set off the car alarm.
  • currently only works via Bluetooth,
John Lemke

Microsoft Announces Windows 10 | TechCrunch - 0 views

techcrunch.com/...microsoft-announces-windows-10

microsoft 2014 indienationnews tech Windows OS

shared by John Lemke on 01 Oct 14 - No Cached
  • Starting tomorrow, Microsoft will launch a Windows Insider Program that will give users who are comfortable with running very early beta software access to Windows 10. This first preview will be available for laptops and desktops. A build for servers will follow later.
  • The company went on to detail that its new operating system will have a tailored user experience between different screen sizes — that’s to say that if you are on a smaller device, you will see a different sort of user interface. The code will run across all device categories: “One product family. One platform. One store.”
  • Put more bluntly, the company is going for the enterprise crown.
  • ...4 more annotations...
  • bringing back a few features of Windows 7
  • ncluding a redesigned start menu that combines the basic Windows 7 menu with the (resizable) tiles of the Windows 8 start screen. Windows 8 Metro apps can now also open in a windowed mode on the desktop, so you aren’t taking into the full-screen mode by default and you can use a “modern” Windows 8 side by side with a standard Windows desktop app.
  • multiple desktops
  • command line, too, which has also been improved quite a bit.
  • John Lemke on 01 Oct 14
     
    "the last 943 people to cover the operating system got the name wrong."
1 - 8 of 8
Showing 20 items per page