New “unix Bash security hole”, deadlier than “Heartbleed”


A big Unix Bash hole (“Shellshock”) was uncovered on 24th Sep 2014; it can be used to take control of your Unix-based system.

Bash is very powerful software for controlling Unix-based systems from the command line. If this powerful weapon falls into the wrong hands, everything can be lost.

The Department of Homeland Security’s United States Computer Emergency Readiness Team, or US-CERT, issued an alert saying the vulnerability affected Unix-based operating systems including Linux and Apple Inc’s Mac OS X.

Is your system vulnerable?

As per an excellent write-up by Red Hat, to check whether your system is vulnerable, type the command below in Bash.

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If you see output like

vulnerable
this is a test

You need a patch to fix it.

It is relatively easy to use this hole.

Tod Beardsley, an engineering manager at cybersecurity firm Rapid7, warned the bug was rated a “10” for severity, meaning it has maximum impact, and rated “low” for complexity of exploitation, meaning it is relatively easy for hackers to launch attacks.

Fix it!

US-CERT advised computer users to obtain operating systems updates from software makers. It said that Linux providers including Red Hat Inc (RHT.N) had already prepared them, but it did not mention an update for OS X. Apple representatives could not be reached.

To update Bash, a command similar to the following can be run:

yum update bash

After patching, if you run the above command again, you will see output similar to:

env x='() { :;}; echo vulnerable'  bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
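The check above, wrapped into a local audit that classifies both outcomes (the "vulnerable" line and the patched output) for every bash listed in /etc/shells plus the one on PATH. This is an added example, not code from Red Hat or US-CERT; the function names check_bash and audit_shells are made up here.

```shell
#!/bin/sh
# Added example: local audit built on the probe command shown on this page.
# check_bash and audit_shells are names made up for this sketch.

# Probe one bash binary. Prints the verdict; returns 0 if vulnerable,
# 1 if not, 2 if the path is not an executable file.
check_bash() {
    bash_bin=$1
    [ -f "$bash_bin" ] && [ -x "$bash_bin" ] || { echo "not executable"; return 2; }
    # x carries a function definition with a trailing command. A vulnerable
    # bash runs that trailing echo while importing its environment.
    out=$(env x='() { :;}; echo vulnerable' "$bash_bin" -c 'echo this is a test' 2>/dev/null) || true
    case "$out" in
        vulnerable*) echo "vulnerable"; return 0 ;;
        *)           echo "not vulnerable"; return 1 ;;
    esac
}

# Check every path ending in /bash in a shells file (default /etc/shells)
# and the bash found on PATH. Returns 0 when none is vulnerable, 1 otherwise.
audit_shells() {
    shells_file=${1:-/etc/shells}
    status=0
    candidates=$( { grep -E '/bash$' "$shells_file" 2>/dev/null; command -v bash; } | sort -u )
    while IFS= read -r b; do
        [ -n "$b" ] || continue
        if verdict=$(check_bash "$b"); then
            status=1            # exit status 0 from check_bash means vulnerable
        fi
        printf '%s: %s\n' "$b" "$verdict"
    done <<EOF
$candidates
EOF
    return $status
}

audit_shells "${1:-/etc/shells}" || echo "At least one bash needs the vendor update" >&2
```

The non-zero return from audit_shells makes it usable as a pass/fail step in a configuration-management or monitoring job.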

For Mac users:
http://security.stackexchange.com/questions/68202/how-to-patch-bash-on-osx-in-wake-of-shellshock
Unlike Heartbleed, Shellshock doesn’t appear to have any easy solutions for average users right now. In most cases, it will be up to system administrators and software companies to issue patches.

Know more:

https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/

http://www.reuters.com/article/2014/09/24/us-cybersecurity-bash-idUSKCN0HJ2FQ20140924

Regain the Speed of Your Mac


Even if you are a Mac user, you will eventually notice that your Mac is slowing down. This may sometimes cause your system to hang. But it is not the time to blame the operating system (OS).

One real limitation is the hardware. If your system has a single-core processor, it can never give you the performance of a quad-core processor. If you have 1 GB of RAM, it can never give you the performance of 4 GB of RAM, and so on.

It is you who can keep your home clean and maintained so that everything runs smoothly.

There are many apps which help you regain performance, but I will describe some basic non-app solutions.

Close your application properly:
(command + q)
Remember, closing an application window doesn’t close the application. Even if you close your last window, the application is still running. Windows users in particular tend to make this mistake (I made the same mistake too). Close your application properly.

Delete apps you don’t use:
Go to the “/Applications” directory (click Applications in the Finder window). Remove all the apps you don’t use by moving them to the Trash. Unlike Windows, moving an app into the Trash = uninstalling the app.

Delete files from the Downloads directory which are not needed:
The Downloads directory keeps growing with files. Remove unnecessary files.

Empty your Trash:
Unlike Windows or Ubuntu, there is NO (shift + delete) option, so remember to empty your Trash periodically.

Compress all the old and backup files:
Select all the backup files and folders, right click on it, click on “Compress .. items”.

Clean up system logs and temporary files:
Go to the terminal.
Type “sudo periodic daily weekly monthly”, then enter your sudo password. Done.

Clean up Junk files and invalid registry entries:
Go to the terminal.
Type “sudo tmutil disablelocal”

Remove iOS old backups:
Go to your mobile sync backup directory. Locate older backups and delete them. The path contains a space, so it must be quoted:
cd "/Users/[user name]/Library/Application Support/MobileSync/Backup"
sudo rm -rf "[directory name]"

The few points above are for maintenance, to bring a smile to your face. 🙂

 

References:
http://www.wikihow.com/Clean-Up/Speed-up-Your-Mac