How not to get shocked by #ShellShock

HeartBleed 2.0!
Greatest security threat ever!
We have been vulnerable for 22 years and we are JUST NOW finding out!

Technopanic is running rampant with this ‘new’ discovery. What with technopanic being so closely linked to to technophobia, it is no surprise that as a result of this discovery people are calling for government fixes to such dangerous situations. While open reporting of bugs is great and wonderful, the click bait (I hate that term, just a derogatory way of saying headline) grist mill of the large reporting sites tends to turn out untrue statements. What’s worst, is that even if the sensationalized titillating title of a report piece is phrased as a question, hence prompting further reading and providing a thin veneer of deniability to the author, there is not any good information for the reader to make an informed decision.

‘The new discovery shows that all systems running BASH are potentially vulnerable’ Really? How? Anything with Unix or Linux has BASH on it (like, even my refrigerator and washer and dryer, dude. Is it SkyNet?). Thats a really scary line. and its not REALLY inaccurate, its just uninformative. Let’s get a little squirrelly and talk about what this vulnerability is and isn’t (then those of you that just wanted details can leave and we more luddite types can have a kumbaya moment).

If a system is connected to the internet AND accepts public input WITHOUT verification as environmental variables in the BASH shell(yes, I KNOW the SH in BASH stands for shell, it just seemed wrong to write it as ‘in the BASH’), then an attacker could, assuming they knew what applications the system was running that used environmental, alter said variables to cause software to behave in was not intended. This means that an attacker COULD, given the right information about the said system, retrieve data or control the system. If you have been following along on your play at home cards, that is a good string of ifs. So, while it is true that ANY system with BASH COULD be vulnerable, it is not like an attacker just has to type ~iddqd and suddenly they have control of everything.

Less technical version? Chill out. It is not going to blank out your computer, erase your DVR, max out your credit, delete your mortgage(though I want a virus that does that), or eat all the ice cream out of your fridge(unless you have a dog named Stitch, cuz that thing runs on a hacked version of BASH to start with).

How will you know when a really bad flaw gets found? when this blog disappear, I wipe my FB account, grab my BOB and head for the high mountains.

Advertisements
Tagged with: , , , , , ,
Posted in Developing, digital, News, Social Concerns, Technology, TechnoPanic, TechnoPhobia

Re:

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s