Ssshhhh. Security by obscurity is not practiced here. So don't disturb us, we're being vigilant.
Eventually this story will be in the Exhibition Section, but for now it is in Security. Of course, the FBI says it is just this one time on this out of date phone used by those bad guys and owned by a ‘state’ agency.
Here’s the Full Transcript of TIME’s Interview With Apple CEO Tim Cook
Eventually this story will be in the Exhibition Section, but for now it is in Security. Of course, the FBI says it is just this one time on this out of date phone used by those bad guys and owned by a ‘state’ agency.
Here’s the Full Transcript of TIME’s Interview With Apple CEO Tim Cook
Especially see the videos section http://www.rsaconference.com/videos?conference=18&keywords=&page=1
Here’s an interesting one: {https://youtu.be/nyrMW3YIgaI}
Especially see the videos section http://www.rsaconference.com/videos?conference=18&keywords=&page=1
Here’s an interesting one: {https://youtu.be/nyrMW3YIgaI}
Kreb’s On Security has all the info. What’s in a Boarding Pass Barcode? A Lot.
It isn’t just that the barcode told of the persons future flight, the information granted an unauthorized person enough info to get online and change that data. Think of the repurcussions for any barcodes used in your facility, and how it is outside sources like this that allowed sensational breaches such as Target and Home Depot custormer data being exposed.
Kreb’s On Security has all the info. What’s in a Boarding Pass Barcode? A Lot.
It isn’t just that the barcode told of the persons future flight, the information granted an unauthorized person enough info to get online and change that data. Think of the repurcussions for any barcodes used in your facility, and how it is outside sources like this that allowed sensational breaches such as Target and Home Depot custormer data being exposed.
Urgent Urgent~! Don’t look the other way from this one.
What is BASH? That’s an easy one: Bourne-Again SHell. A pun in that Bourne was the name of an originator of the predecessor Shell.
What is a Shell? Easy as well. An interface, basically, that allows one to directly speak to an operating system and give it instructions that it will follow. If you have done a ping or ipconfig, you have probably done it through a shell. Most every computer running a variant of Unix will likely have Bash since it is the open source version that nearly everyone picks.
But, let’s be clear here…if you did an ipconfig it was likely on a Windows computer and it isn’t running Bash.
But at this time your mac is running Bash, and it is vulnerable. Are you connected on a network? Are you certain that your sharing isn’t set up incorrectly?
Do you have a website running on a Linux server?
Either way, run this command in your terminal program:
env VAR='() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"If the response is Bash is vulnerable, then you’ll be wanting to fix that. There are already bots running around exploiting this flaw.
Here is the link that Digital Ocean sent to their clients:
How to Protect your Server Against the Shellshock Bash Vulnerability | DigitalOcean
Drop everything. At least make your servers safe, because there are already botnets running around with exploits.
For the truly bold – your author just did this successfully with his OSX 10.9.5 MacBook Pro – there is a solution to rebuild bash at:
Every Mac Is Vulnerable to the Shellshock Bash Exploit: Here’s How to Patch OS X « Mac Tips
Another:
The other side of the panic for those with personal computers is that you have to logged in and that is with a password, right?
Urgent Urgent~! Don’t look the other way from this one.
What is BASH? That’s an easy one: Bourne-Again SHell. A pun in that Bourne was the name of an originator of the predecessor Shell.
What is a Shell? Easy as well. An interface, basically, that allows one to directly speak to an operating system and give it instructions that it will follow. If you have done a ping or ipconfig, you have probably done it through a shell. Most every computer running a variant of Unix will likely have Bash since it is the open source version that nearly everyone picks.
But, let’s be clear here…if you did an ipconfig it was likely on a Windows computer and it isn’t running Bash.
But at this time your mac is running Bash, and it is vulnerable. Are you connected on a network? Are you certain that your sharing isn’t set up incorrectly?
Do you have a website running on a Linux server?
Either way, run this command in your terminal program:
env VAR='() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"If the response is Bash is vulnerable, then you’ll be wanting to fix that. There are already bots running around exploiting this flaw.
Here is the link that Digital Ocean sent to their clients:
How to Protect your Server Against the Shellshock Bash Vulnerability | DigitalOcean
Drop everything. At least make your servers safe, because there are already botnets running around with exploits.
For the truly bold – your author just did this successfully with his OSX 10.9.5 MacBook Pro – there is a solution to rebuild bash at:
Every Mac Is Vulnerable to the Shellshock Bash Exploit: Here’s How to Patch OS X « Mac Tips
Another:
The other side of the panic for those with personal computers is that you have to logged in and that is with a password, right?
Urgent Urgent~! Don’t look the other way from this one.
What is BASH? That’s an easy one: Bourne-Again SHell. A pun in that Bourne was the name of an originator of the predecessor Shell.
What is a Shell? Easy as well. An interface, basically, that allows one to directly speak to an operating system and give it instructions that it will follow. If you have done a ping or ipconfig, you have probably done it through a shell. Most every computer running a variant of Unix will likely have Bash since it is the open source version that nearly everyone picks.
But, let’s be clear here…if you did an ipconfig it was likely on a Windows computer and it isn’t running Bash.
But at this time your mac is running Bash, and it is vulnerable. Are you connected on a network? Are you certain that your sharing isn’t set up incorrectly?
Do you have a website running on a Linux server?
Either way, run this command in your terminal program:
env VAR='() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"If the response is Bash is vulnerable, then you’ll be wanting to fix that. There are already bots running around exploiting this flaw.
Here is the link that Digital Ocean sent to their clients:
How to Protect your Server Against the Shellshock Bash Vulnerability | DigitalOcean
Drop everything. At least make your servers safe, because there are already botnets running around with exploits.
For the truly bold – your author just did this successfully with his OSX 10.9.5 MacBook Pro – there is a solution to rebuild bash at:
Every Mac Is Vulnerable to the Shellshock Bash Exploit: Here’s How to Patch OS X « Mac Tips
Another:
The other side of the panic for those with personal computers is that you have to logged in and that is with a password, right?
What would it mean in the projection booth? DCI hardware, software and firmware requirements are pretty redundant and keep many secrets deep in their mechanisms. The biggest trick would be to get enough data from one trusted device and be able to carry it to a different machine in such a way that it becomes a trusted device.
The way they talk about this USB incursion doesn’t seem to lend that capability any more than if a knowledgable manufacturer tried to do that in their own offices. That route hasn’t been done or, if done, exploited. The proof would be duplicated uncompressed movies with no forensic marking – which hasn’t happened.
But giving away copyrighted materials isn’t the only bad thing that could happen to a network with a projector on it. As the US Defense Department learned, an entire network can be infiltrated from one USB incursion.
All the more reason for firm policies/inspections/reports of locked doors and no even authorized persons allowed to roam around the facility.
What would it mean in the projection booth? DCI hardware, software and firmware requirements are pretty redundant and keep many secrets deep in their mechanisms. The biggest trick would be to get enough data from one trusted device and be able to carry it to a different machine in such a way that it becomes a trusted device.
The way they talk about this USB incursion doesn’t seem to lend that capability any more than if a knowledgable manufacturer tried to do that in their own offices. That route hasn’t been done or, if done, exploited. The proof would be duplicated uncompressed movies with no forensic marking – which hasn’t happened.
But giving away copyrighted materials isn’t the only bad thing that could happen to a network with a projector on it. As the US Defense Department learned, an entire network can be infiltrated from one USB incursion.
All the more reason for firm policies/inspections/reports of locked doors and no even authorized persons allowed to roam around the facility.
What would it mean in the projection booth? DCI hardware, software and firmware requirements are pretty redundant and keep many secrets deep in their mechanisms. The biggest trick would be to get enough data from one trusted device and be able to carry it to a different machine in such a way that it becomes a trusted device.
The way they talk about this USB incursion doesn’t seem to lend that capability any more than if a knowledgable manufacturer tried to do that in their own offices. That route hasn’t been done or, if done, exploited. The proof would be duplicated uncompressed movies with no forensic marking – which hasn’t happened.
But giving away copyrighted materials isn’t the only bad thing that could happen to a network with a projector on it. As the US Defense Department learned, an entire network can be infiltrated from one USB incursion.
All the more reason for firm policies/inspections/reports of locked doors and no even authorized persons allowed to roam around the facility.
Science and R&D says it will keep moving data from the mystery to the usable.
Security expertise tries to promise the same, with the same infinite number of possible failures. Fortunately there are life lessons that we can apply to our projection room and attached networked devices from the latest exposition of these failures.
From the NAB videos of John Hurst’s logical pleas (posted at CineTechGeek) to Bruce Schneier’s Disclosing vs. Hoarding Vulnerabilities article to the flurry of Heartbleed to the news of the well-used TrueCrypt’s announcement…we should get the message: No matter the trauma, or threat of trauma, Upgrade Your Software and Firmware.
Science and R&D says it will keep moving data from the mystery to the usable.
Security expertise tries to promise the same, with the same infinite number of possible failures. Fortunately there are life lessons that we can apply to our projection room and attached networked devices from the latest exposition of these failures.
From the NAB videos of John Hurst’s logical pleas (posted at CineTechGeek) to Bruce Schneier’s Disclosing vs. Hoarding Vulnerabilities article to the flurry of Heartbleed to the news of the well-used TrueCrypt’s announcement…we should get the message: No matter the trauma, or threat of trauma, Upgrade Your Software and Firmware.
List of common SSL offending (and non-offending) sites.
The Heartbleed Hit List: The Passwords You Need to Change Right Now
Good video explanation:
Mashable Explains: What Is the Heartbleed Encryption Bug?
Java MUST MUST MUST read and do:
Critical Java Update Plugs 37 Security Holes — Krebs on Security