Что такое шок-шок и как он на меня влияет?

521
L.B.

Я немного не в курсе всего этого, что происходит сейчас. Таким образом, это может звучать немного глупо; но мне интересно, влияет ли это на меня вообще. В настоящее время я использую компьютер с Windows XP (да, я знаю о других рисках, пожалуйста, не вдавайтесь в это) и Apple iPod Touch (который полностью обновлен на iOS 8.2). Может ли какое-либо из этих устройств - особенно iPod - быть в опасности?

Я был бы признателен за короткую историю о шоковом ударе, если он действительно повлияет на меня, и какие некоторые признаки могут быть у меня!

-1
Должен ли я перенести это в другое место. Возможно, ИТ-безопасность? @MatthewWilliams L.B. 10 лет назад 0

1 ответ на вопрос

1
Iszi

Cygwin, which runs Unix commands (including bash) on Windows systems, is affected. https://cygwin.com/ml/cygwin-announce/2014-09/msg00033.html Any other Windows applications which have Bash or Cygwin integrated may also be affected. These should (generally) be few and far between, and will probably be mostly in enterprise-level products.

I haven't found anything from Apple regarding iDevices, but independent research from Fortinet concludes that out-of-the box iDevices aren't affected but jailbroken iDevices might be. http://blog.fortinet.com/post/are-ios-and-android-vulnerable-to-the-shellshock-bug

For most home users though, the vulnerability is largely mitigated by the fact that default configurations for end-user PCs (PC in the generic sense - Windows/Mac/Linux/etc. included) typically do not expose many services on the system to the network. Of those services exposed to the network on home systems, few usually require the type of functionality that would require input to be sent to Bash which may be controlled by an attacker. Even if such a configuration is present, the typical home system will not often expose vulnerable services to the public - they will either have a router/firewall device between them and likely attackers, or a host-based firewall will be configured by default to protect them on untrusted networks.

If you're unsure whether an operating system, application, or device may be vulnerable to Shellshock-related exploits, the best course is to seek validation from the vendor themselves. Either search online via the vendor's website or reputable security research sites, or contact the vendor directly yourself via normal support channels.

The IT Security Stack Exchange site has a Community Wiki dedicated to providing information about products and applications confirmed to be vulnerable to Shellshock, and what patches are available. It's not a comprehensive or authoritative list, but it could be useful to you if you use products that are on the list.

What operating systems and devices are known to be affected by Shellshock? What patches are available?

Похожие вопросы