DTNS 2330 – B*A*S*H

Logo by Mustafa Anabtawi, thepolarcat.com

Breki Tomasson is on the show and, while we will touch on a glaring omission from Healthkit, the main story is the bash vulnerability Shellshock. Thankfully Steve Gibson agreed to drop in and explain it to us!

Multiple versions (ogg, video etc.) from Archive.org.

A special thanks to all our Patreon supporters–without you, none of this would be possible.

If you enjoy the show, please consider supporting the show here at the low, low cost of a nickel a day on Patreon. Thank you!

Big thanks to Dan Lueders for the headlines music and Martin Bell for the opening theme!

Big thanks to Mustafa A. from thepolarcat.com for the logo!

Thanks to our mods, Kylde, TomGehrke and scottierowland, on the subreddit.

Show Notes

Today’s guests: Breki Tomasson, creator of the CSICon podcasting network, and Steve Gibson, co-host of Security Now and head of the Gibson Research Corporation

Headlines

Last week, a vulnerability in bash was reported to Red Hat by Unix expert Stephane Chazelas. The vulnerability was revealed late Wednesday. GigaOm has a good roundup of the details, but essentially the bug allows an environment variable with an arbitrary name to carry a malicious function definition with trailing commands. That means it can get your server to execute code. It affects any OS that implements bash, which includes Apache, most versions of Linux and Mac OS X. It can also include many routers, webcams and other embedded systems. Red Hat issued a partial patch and Akamai published some mitigation measures, but more fixes from more vendors are expected.
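To make the "function definition with trailing commands" pattern concrete for anyone triaging logs or process environments, here is an added example (not from the show or from any vendor) that flags environment values shaped like a bash function definition and reports whether text follows the function body. The variable names, sample values and the brace-matching heuristic are assumptions made for illustration.

```python
import re

# A function-style value starts with "() {". The match is slightly lenient
# about whitespace (an assumption) so near-miss variants are still flagged.
FUNC_PREFIX = re.compile(r"^\(\)\s*\{")

def trailing_after_function(value):
    """Return the text after the function body's closing brace, or None
    when the value is not shaped like a function definition.
    Brace matching ignores quoting: a triage heuristic, not a bash parser."""
    m = FUNC_PREFIX.match(value)
    if not m:
        return None
    depth = 1
    for i in range(m.end(), len(value)):
        if value[i] == "{":
            depth += 1
        elif value[i] == "}":
            depth -= 1
            if depth == 0:
                # Drop the separator so only the trailing commands remain.
                return value[i + 1:].strip().lstrip(";").strip()
    return ""  # body never closed: nothing identifiable after it

def classify(env):
    """Map each suspicious variable name to 'function+trailing' or
    'function-only'. The variable name is irrelevant to the check,
    because the page notes the name can be arbitrary."""
    findings = {}
    for name, value in env.items():
        tail = trailing_after_function(value)
        if tail is not None:
            findings[name] = "function+trailing" if tail else "function-only"
    return findings

# Constructed sample environment (hypothetical names and values).
SAMPLE_ENV = {
    "HTTP_ACCEPT": "text/html",
    "HTTP_REFERER": "https://example.test/?q=()",
    "HTTP_USER_AGENT": "() { :; }; echo constructed-marker",
    "greet": "() { echo hello; }",
}

if __name__ == "__main__":
    for name, verdict in classify(SAMPLE_ENV).items():
        print(f"{name}: {verdict}")
```

A "function-only" hit in a variable populated from untrusted input still deserves a look, since ordinary request data has no reason to resemble a function definition.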