TWiT Throwback (Audio)

Know How... 112: Bash Bug, GPU Upgrade, and Android Wear



A Bash exploit allows an attacker to take complete control of a computer. Also: upgrading your video card, VLANs on a personal network, an SSD media center, and making a custom watch face for your Android Wear device.

Bash, Bash, Bash!

  • A new bug has been discovered in Bash that allows an attacker to take complete control of a computer running any UNIX-based operating system.
  • That includes all flavors of Linux as well as Apple's OS X.
  • The National Vulnerability Database gave the exploit a "10 out of 10".
  • While the Heartbleed bug allowed attackers to spy on your traffic, this bug lets them attack your computer.

What is Bash?

  • Bash is a command-line shell that was released in 1989.
  • It replaced the "Bourne Shell", and was therefore dubbed the "Bourne-Again Shell" (BASH).
  • It allows users to issue commands to the operating system through a command line.

What is the vulnerability?

  • Some researchers at Red Hat figured out that you could add a few extra lines to a bash command and have it execute scripts over the Internet.
  • Essentially, this allows a remote attacker to have COMPLETE control over your OS.

Why is it Bad?

  • Heartbleed affected about 600,000 websites.
  • The Bash Bug can affect HUNDREDS OF MILLIONS OF COMPUTERS AND DEVICES.
  • Linux is baked into many smart devices (which means they're most likely not going to be patched):
    • Light Bulbs
    • Cameras
    • Automatic lighting/irrigation systems
    • Routers

Padre's Network

  • Enterasys D2 Switch (Core)
  • RADIUS Authentication Server
  • HP Intellijacks (Edge)
  • When new devices connect, they get an address and access to the gateway. They're put on their own VLAN in the "untrusted" subnet, so they can't see any other devices.
  • Once they authenticate, they're put on the "Trusted VLANs". They can now see basic network resources (Internet gateway, media server, printers).
  • When they want to access another network resource (other computers, admin tools, security, secure storage), they hit an access list.
  • If that device has permission to access the other device (which is on its own VLAN), a new VLAN is created that encompasses both devices. That VLAN is deleted when communication between the devices is no longer required.
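
The admission flow in the list above, modelled as a small default-deny state machine. This is an added example, not code from the show or its notes; the class and method names, device names, VLAN id range and access-list entries are all assumptions made for illustration.

```python
# Added illustration of the default-deny VLAN flow in the list above.
# Device names, VLAN ids and ACL entries are constructed for the example.
from itertools import count

UNTRUSTED, TRUSTED = "untrusted", "trusted"
SHARED = {"gateway", "media-server", "printer"}  # basic trusted resources


class Network:
    def __init__(self, acl):
        self.acl = set(acl)      # permitted (source, target) pairs
        self.state = {}          # device -> UNTRUSTED or TRUSTED
        self.pair_vlans = {}     # frozenset({a, b}) -> temporary VLAN id
        self._ids = count(1000)  # assumed id range for temporary VLANs

    def connect(self, dev):
        # New devices land in the untrusted subnet and see only the gateway.
        self.state[dev] = UNTRUSTED

    def authenticate(self, dev, radius_ok):
        # radius_ok stands in for the RADIUS server's accept/reject answer.
        if dev in self.state and radius_ok:
            self.state[dev] = TRUSTED
        return self.state.get(dev) == TRUSTED

    def request(self, src, dst):
        # Access list check: no VLAN unless src is trusted and the pair is listed.
        if self.state.get(src) != TRUSTED or (src, dst) not in self.acl:
            return None
        key = frozenset((src, dst))
        if key not in self.pair_vlans:
            self.pair_vlans[key] = next(self._ids)
        return self.pair_vlans[key]

    def release(self, src, dst):
        # Delete the pair VLAN once communication is no longer required.
        return self.pair_vlans.pop(frozenset((src, dst)), None)

    def visible(self, dev):
        # Everything dev can reach right now.
        if dev not in self.state:
            return set()
        if self.state[dev] == UNTRUSTED:
            return {"gateway"}
        peers = {d for pair in self.pair_vlans if dev in pair for d in pair}
        return (SHARED | peers) - {dev}
```

In this model an unpatched smart device that never authenticates stays in the untrusted state and can reach only the gateway, which is the containment property the segmentation is meant to provide.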
Android Wear

  • Facer

Free Squarespace Giveaway for TWIT Network Audience Members
See official sweepstakes rules here: http://player.podtrac.com/rules-twit

Hosts: Fr. Robert Ballecer, SJ and Bryan Burnett

Connect with us!

Don't forget to check out our large library of projects at https://twit.tv/shows/know-how.

Tweet at us at @padresj, @Cranky_Hippo, and @Anelf3

Sponsors:

  • lynda.com/knowhow
  • squarespace.com offer code KNOWHOW