Shellshock Warning: Even after patching, your old vulnerable bash binary could be “resurrected” from memory

By |September 30th, 2014|Categories: Linux, Reference, Technology|Tags: , , |0 Comments

I received an email today from a friend and fellow Linux sysadmin, Todd Lyons, informing me of a very sneaky way to exploit the Shellshock vulnerability under what he calls “just the wrong conditions.”

Here’s how his email starts out:
With your recent blog post, you might also want to advise people to further look around their systems to see if they need to restart any services. If non-trusted users have shell accounts, you can still access the old (replaced) bash binary under just the wrong […]

Is DD-WRT Vulnerable to the Shellshock Bash Bug?

Because I publish a lot of articles on DD-WRT router firmware, and I also recently published an article on patching the Shellshock bug on older Fedora-based Linux systems, I’ve been receiving a lot of emails asking if DD-WRT firmware is affected by the Shellshock Bash bug. The answer is… maybe.

By default, the shell used by DD-WRT is displayed when you ssh into your router:

The built-in BusyBox “ash” shell is different than Bash, and I’ve run the exploit tests from my Fedora Shellshock article against ash in DD-WRT […]

How to Manually Update Bash to Patch Shellshock Bug on Older Fedora-Based Systems

With the announcement of the Shellshock Bash Bug, Linux admins around the world have been scrambling to patch their Bash shells so that they’re no longer vulnerable to the exploit. If you have a Fedora, RHEL, or CentOS system that hasn’t reached End-Of-Life, then updating to a patched version of Bash is as simple as:

But what if you have a system running Fedora 12, Fedora 13, Fedora 14, Fedora 15, Fedora 16, Fedora 17, Fedora 18, or Fedora 19… or even RHEL/CentOS 3 or RHEL/CentOS 4, or […]

How to Install an ecobee3 Smart Thermostat

So you got your hands on an ecobee3 smart thermostat, and instead of reading through the installation manual (which is actually pretty good), you came to the Internet to figure out how to install your ecobee3.

OK, fine… I’ll help you. :)

This how-to guide for installing your ecobee3 covers a few different basic install options. Depending on  what type of thermostat you’re replacing, and how many wires are available to your old thermostat, there’s a good chance that following these steps will get you up and running quickly with […]

ecobee 3 Review

In 2009, Toronto-based ecobee released the very first “smart” thermostat  and called it, not surprisingly, the “ecobee Smart” (see my original review of the Smart from 2010). Since then, they’ve followed up with the ecobee Si (which I call the Smart’s “little brother”), along with a handful of firmware and mobile app updates for both products.

Earlier this week, ecobee announced and started taking pre-orders for their new flagship product: the ecobee3, which starts shipping on September 29, 2014. However, calling the $249 ecobee3 a mere “upgrade” of the original Smart would […]

ecobee3 First Look and Unboxing Video

I’m still tinkering with the new ecobee3 smart thermostat, and will have a full review posted soon.

In the meantime, you can check out my initial reaction in this unboxing video (in TWO parts):

Part 1:

Part 2:

Stay tuned for the full review soon!

New ecobee3 thinks it’s time to leave the Nest

While the Nest smart thermostat has fans of Apple-inspired designs swooning, it wasn’t the first smart thermostat. Toronto-based ecobee is actually the pioneer in this industry, and had two iterations of smart thermostats (the original “Smart” and the “Si”) on the market well before Nest (and now Honeywell) jumped into the fray. Like most pioneers, ecobee took a few arrows in its back. But now it’s firing back — and it looks like the arrows are aimed directly at Nest.

Announced this morning, the ecobee3 […]

What Hacked Nude Celebrity Photos Can Teach Us About Privacy in the Digital Age

Another day, another story about nude photos of celebrities being hacked and posted online. I won’t mention the names of the celebrities in this most recent round, because it really doesn’t matter… and I really don’t want to accidentally show up in web searches of people looking for the photos.

What is interesting about this story, however,  is that it appears that the photos were hacked from iCloud — Apple’s data storage service in use by every iPhone, iPad, and iPod on the planet.

That’s scary.

I could post […]

Getting Rid of Moles: What Works, and What Doesn’t

Like a lot of guys, I take great pride in my lawn. I like it green, flat, fertilized, and weed-free. Because I have an irrigation well, I’m able to water my lawn all summer long and keep the soil moist. But wherever you have moist soil, you have earthworms. And wherever you have earthworms, you have animals whose primary diet consists of earthworms… like moles.

Moles.

Are.

The devil.

I hate moles. I hate them with the same passion that Carl from Caddyshack hated the gopher:

Every year, I do battle with […]

My Favorite BBQ Accessories

This year has been one of the best summers I can remember in Seattle. The weather’s been perfect, and I’ve been able to relax — which includes working on a bunch of projects around the house (don’t judge how I relax :)). But one of my favorite things about summer is outdoor cooking on my Traeger BBQ 400 “Select” wood-pellet BBQ.

Regular readers of my blog know I’m a gadget geek – and while that applies primarily to electronics, it also extends to other areas, too… including […]