Breki Tomasson is on the show, and while we will touch on a glaring omission from HealthKit, the main story is the bash vulnerability Shellshock. Thankfully, Steve Gibson agreed to drop in and explain it to us!
Multiple versions (ogg, video etc.) from Archive.org.
A special thanks to all our Patreon supporters–without you, none of this would be possible.
Big thanks to Mustafa A. from thepolarcat.com for the logo!
Thanks to our mods, Kylde, TomGehrke and scottierowland on the subreddit
Last week a vulnerability in bash was reported to Red Hat by Unix expert Stephane Chazelas. The vulnerability was revealed late Wednesday. GigaOm has a good roundup of the details, but it essentially allows an environment variable with an arbitrary name to carry a malicious function definition with trailing commands. That means it can get your server to execute code. It affects any system that uses bash, which includes Apache servers, most versions of Linux and Mac OS X. It can also include many routers, webcams and other embedded systems. Red Hat issued a partial patch and Akamai published some mitigation measures, but more fixes from more vendors are expected.
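To make "a function definition with trailing commands" concrete from the defender's side, here is an added example (not code from the show or from any vendor) that audits a set of environment variables for that pattern. The function names and the sample environment are hypothetical and constructed for illustration, and the brace matching is a simple heuristic that ignores shell quoting.

```python
import re

# Bash treated an environment value beginning with "() {" as an exported
# function definition; the regex also tolerates extra whitespace.
FUNC_START = re.compile(r"^\s*\(\)\s*\{")


def trailing_commands(value):
    """Return None if value is not a function definition, otherwise the
    text that follows the function body ('' when nothing trails it)."""
    m = FUNC_START.match(value)
    if not m:
        return None
    depth = 1
    for i in range(m.end(), len(value)):
        if value[i] == "{":
            depth += 1
        elif value[i] == "}":
            depth -= 1
            if depth == 0:
                # Everything after the closing brace is what an unpatched
                # bash would go on to execute while importing the variable.
                return value[i + 1:].lstrip(" ;\t")
    return value[m.end():].strip()  # unbalanced body: report the remainder


def audit_env(env):
    """Map variable name -> trailing text for every variable that carries
    a function definition followed by extra commands."""
    findings = {}
    for name, value in env.items():
        extra = trailing_commands(value)
        if extra:
            findings[name] = extra
    return findings


# Constructed sample: the variable name is arbitrary, only the value matters.
SAMPLE_ENV = {
    "PATH": "/usr/bin:/bin",
    "LANG": "en_US.UTF-8",
    "HTTP_USER_AGENT": "() { :; }; echo probe",   # definition + trailing command
    "HTTP_COOKIE": "() { echo hi; }",             # definition only
}

if __name__ == "__main__":
    for name, extra in audit_env(SAMPLE_ENV).items():
        print(f"{name}: trailing commands after function body: {extra!r}")
```

The same check can be pointed at request headers or log fields before they are passed into a process environment.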