victorazy:

Nne u fine too much, u resemble beverly O. Ur libs is kissable.

Guy e be like say ur eye don catch "aborah" see the kin kanda lips wen dey plait u dada

Enouwem: I am just wondering how foreigners will rate us if they ever see this. #smh

see what, let the truth be told joor, am nt a computer wizardd that I should und the terms used in that write up

and my lecture will neva bliv this cos he is hellsure that linux is d safest os eva

jjwaterfalls:

I didn't undestand it either.

yeh I luv people arent shy to say d truth. How can I relate with u miss?

friday................

Present

Enouwem: XSS ?

I thought i was the only one that noted that..
ANYWAY, IF YOU KNOW SAY YOU DEY RUN LINUX HOSTING(almost everyone does anyway), MAKE UNA DO FULL BACKUP SHARP SHARP O! Including oga seun ! my little piece of advice

TeGaTeGa1: Please who has that pic that a funny Nigerian actor has his hands
on his head with a caption "CHISOS"

Here it is

TeGaTeGa1: Please who has that pic that a funny Nigerian actor has his hands
on his head with a caption "CHISOS"

Here

Superstar007:

Here it is

ur my nigga I swear thanks man

No wonder threads from webmasters and programming sections rarely make frontpage.. Op thanks for the info.

sapientia: No wonder threads from webmasters and programming sections rarely make frontpage.. Op thanks for the info.

Noticed that too.

TeGaTeGa1: Please who has that pic that a funny Nigerian actor has his hands
on his head with a caption "CHISOS"

i get am

I dey believe una. Anyway Join www.myeventsgallery.com, get notified b/4 our launching party!

There is always a loophole!

victorazy:

Are we learning ABCD?

dude u funny die

My dear from the shell script command am seeing here...from the root directory/: echo echos back what u want it to echo. bash is good. Linux or unix is virus protected. Am an oracle database administrator. Lets make more inquiry on it. tnx thoo

EXPLOITS!!! THE BEST PART OF MY LIFE

Anything that is designed by man can be altered or modified by another man with greater knowledge. Was Linux, Unix or Mac designed by God? BTW hacking is like a hobby to me

sapientia: No wonder threads from webmasters and programming sections rarely make frontpage.. Op thanks for the info.

we never want them to make fp... I would have loved to contribute here but the comments of non-techy NLers puts us off...

Enouwem: [img]http://1.bp..com/-VQ8KDBhjMDM/VCPBgN-AVvI/AAAAAAAAgd8/TLel5x_Xmeo/s728/bash-shellshock.png[/img]

A Critical remotely exploitable vulnerability has been discovered in the
widely used Linux and Unix command-line
shell, known as Bash , aka the GNU
Bourne Again Shell, leaving countless
websites, servers, PCs, OS X Macs, various
home routers, and many more open to the
cyber criminals.
Earlier today, Stephane Chazelas publicly
disclosed the technical details of the
remote code execution vulnerability in
Bash which affects most of the Linux
distributions and servers worldwide.
REMOTELY EXPLOITABLE SHELLSHOCK
The vulnerability (CVE-2014-6271)
affects versions 1.14 through 4.3 of GNU
Bash and being named as Bash Bug, and
Shellshock by the Security researchers on
the Internet discussions.
According to the technical details, a
hacker could exploit this bash bug to
execute shell commands remotely on a
target machine using specifically crafted
variables. “In many common
configurations, this vulnerability is
exploitable over the network, ” Stephane
said.
This 22-year-old vulnerability stems from
the way bash handles specially-formatted
environment variables, namely exported
shell functions. When assigning a function
to a variable, trailing code in the function
definition will be executed.
BASH BUG AFFECTS MILLIONS OF
SYSTEMS
While bash is not directly used by remote
users, but it is a common shell for
evaluating and executing commands from
other programs, such as web server or the
mail server. So if an application calls the
Bash shell command via web HTTP or a
Common-Gateway Interface (CGI) in a
way that allows a user to insert data, the
web server could be hacked.
In Simple words, If Bash has been
configured as the default system shell, an
attacker could launch malicious code on
the server just by sending a specially
crafted malicious web request by setting
headers in a web request, or by setting
weird mime types. Proof-of-concept code
for cgi-bin reverse shell has been posted
on the Internet.
Similar attacks are possible via
OpenSSH, “We have also verified
that this vulnerability is exposed in
ssh—but only to authenticated
sessions. Web applications like cgi-
scripts may be vulnerable based on
a number of factors; including
calling other applications through a
shell, or evaluating sections of code
through a shell.” Stephane warned.
But if an attacker does not have an
SSH account this exploit would not
work.
This is a serious risk to Internet
infrastructure, just like Heartbleed bug,
because Linux not only runs the majority
of the servers but also large number of
embedded devices, including Mac OS X
laptops and Android devices are also
running the vulnerable version of bash
Software. NIST vulnerability database has
rated this vulnerability “10 out of 10” in
terms of severity.
HOW TO CHECK FOR VULNERABLE
SHELL
To determine if a Linux or Unix system is
vulnerable, run the following command
lines in your linux shell:
env X="() { :;} ; echo
shellshock" /bin/sh -c "echo
completed"
env X="() { :;} ; echo shellshock"
`which bash` -c "echo
completed"
If you see the words "shellshock" in the
output, errrrr… then you are at risk.
BASH BUG PATCH
You are recommended to disable any CGI
scripts that call on the shell, but it does
not fully mitigate the vulnerability. Many
of the major operating system and Linux
distribution vendors have released the
new bash software versions today,
including:
Red Hat Enterprise Linux (versions 4
through 7) and the Fedora distribution
CentOS (versions 5 through 7)
Ubuntu 10.04 LTS, 12.04 LTS, and
14.04 LTS
Debian
If your system is vulnerable to bash bug,
then you are highly recommended to
upgrade your bash software package as
soon as possible.
Source: http://thehackernews.com/2014/09/bash-shell-vulnerability-shellshock.html?m=1

u want us to click d link and get hacked isn't it

JohnnySarz: Its a vulnerability that Hackers can exploit and get root access to your server.. That's the best explanation for newbies

Excuse me? This affects even iPhones, iPads (as a matter of fact, all Mac PCs) and Android phones/tablets; so it is much more closer to home than that.

Got to know about this at work today..
amazing that this bug has been there since forever....and we are knowing about it today.....

kobikwelu: Got to know about this at work today..
amazing that this bug has been there since forever....and we are knowing about it today.....

There is a reason the US always seems to have a control switch to all computers world wide. There are of course far more vulnerabilities that remain known to them; and unknown to the public.

Here is a patch for those running obsolete (or EOL ) version of ubuntu servers

mkdir src
cd src
wget http://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz
#download all patches
for i in $(seq -f "%03g" 0 26); do wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-$i; done
tar zxvf bash-4.3.tar.gz 
cd bash-4.3
#apply all patches
for i in $(seq -f "%03g" 0 26);do patch -p0 < ../bash43-$i; done
#build and install
./configure --prefix=/ && make && make install
cd .. 
cd ..
rm -r src

Others should simply update their servers

angelo82:

Exactly it will bring it……Mac I am very sure of is not vulnerable to any virus…..

In this age?....no system is secured, everything is hackable

bigrovar: Here is a patch for those running obsolete (or EOL ) version of ubuntu servers

mkdir src
cd src
wget http://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz
#download all patches
for i in $(seq -f "%03g" 0 26); do wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-$i; done
tar zxvf bash-4.3.tar.gz 
cd bash-4.3
#apply all patches
for i in $(seq -f "%03g" 0 26);do patch -p0 < ../bash43-$i; done
#build and install
./configure --prefix=/ && make && make install
cd .. 
cd ..
rm -r src

Others should simply update their servers

Thanks bro.. I'll release more links for patches soon.

such is life, i have found out that the best way to protect some valuables is to attatch less importance to it so as not pull much attention to it. Think of this how many hackers are looking for a way to infiltrate windows os, nokia os, android os, but i can assure u that there are thousands of hackers looking for possible ways of infiltrating apple brand of products. Oh how are the mighty fallen

Just following................

Ajibel:

we never want them to make fp... I would have loved to contribute here but the comments of non-techy NLers puts us off...

you just spoke my mind guy. I dnt comment on thread that are irrelevant to me. I wonder why people who know nothin about this thread decide to floord it with gibberish

btw this bug is real o. even on a linux desktop box, i can see it very clearly.

as for osx this vulnerability affects only those using xserver or anyone that enables remote logins or remote management on his mac.
if u use your system like an everyday joe aint nothing to be scared of..

no system is 100% safe no matter d OS being run on it.but d level of security one OS gives u differs from others.tell me dat system dat cant be hacked