TWiT Throwback (Video)

Know How... 112: Bash Bug, GPU Upgrade, and Android Wear

Listen Later

Bash exploit allows an attacker to take complete control of a computer, upgrading your Video Card, VLAN's on a personal network, SSD Media Center, and make a custom watch face for your Android Wear Device.

Bash, Bash, Bash!

  • A new bug has been discovered in Bash that allows an attacker to take complete control of a computer running any UNIX-based operating system
  • That includes all flavors of Linux as well as Apple's OSX.
  • The National Vulnerability Database gave the exploit a "10 out of 10"
  • While the Heatbleed bug allowed attackers to spy on your traffic. This bug lets them attack your computer.

    • What is Bash

    • Bash is a command line shell that was released in 1989
    • It replaced the "Bourne Shell" -- and therefore it was dubbed the "Bourne-Again Shell" or BASH)
    • It allows users to issue commands to the Operating system through a command line.

      • What is the vulnerability?

      • Some researchers at Red Hat figured out that you could add a few extra lines to a bash command and have it execute scripts over the Internet.
      • Essentially... this allows a remote attack to have COMPLETE control over your OS.

        • Why is it Bad?

        • Heartbleed affected about 600,000 websites
        • The Bash Bug can affect HUNDREDS OF MILLIONS OF COMPUTERS AND DEVICES
        • Linux is baked into many smart devices (which means they're most likely not going to be patched)
          • Light Bulbs
          • Cameras
          • Automatic lighting/irrigation systems
          • Routers

            • Padre's Network

            • Enterasys D2 Switch (Core)
            • Radius Authentication Server
            • HP Intellijacks (Edge)
            • When new devices connect, they get an address and access to the gateway. They're put on their own VLAN in the "untrusted" subnet, so they can't see any other devices.
            • Once they authenticate, they're put on the "Trusted VLANS" -- They can now see basic network resources. (Internet Gateway // Media Server // Printers)
            • When they want to access another network resource (Other computers, admin tools, security, secure storage) they hit an access list.
            • If that device has permission to access that device (which is on its own VLAN), a new VLAN is created that encompasses both devices. That VLAN is deleted when communications are now longer required between devices.

              • Android Wear

              Facer

              Free Squarespace Giveaway for TWIT Network Audience Members
              See official sweepstakes rules here. http://player.podtrac.com/rules-twit

              Hosts: Fr. Robert Ballecer, SJ and Bryan Burnett

              Connect with us!

              Don't forget to check out our large library of projects at https://twit.tv/shows/know-how.

              Tweet at us at @padresj, @Cranky_Hippo, and @Anelf3

              Sponsors:

              • lynda.com/knowhow
              • squarespace.com offer code KNOWHOW

                • ...more
                View all episodesView all episodes
                Download on the App Store
                TWiT Throwback (Video)By TWiT