While these brand new vulnerabilities have emerged, they appear to be less “exploitable” from directly tailored environment variables than the original BASH Shellshock exploit. Still, there is a need for open source administrators to be vigilant and in a “patch now” mode as further developments warrant
QUOTE: If you patched your Linux-based systems before 1:11 a.m. Eastern Daylight Time yesterday for the major Shellshock vulnerability in the Bash function, your work is not done here yet. New bugs have been reported in Bash, so it’s probably time to patch again
, security experts warn.
Johannes Ullrich, director of the SANS Internet Storm Center, says the newly discovered Bash vulnerabilities have not been patched,
as of this posting: CVE-2014-7186, – 7187, and -6277. The original Bash Shellshock bugs revealed on September 24 — CVE-2014-6271 and CVE-7169 — have been patched and updated in major distributions, according to Ullrich.
The latest bugs in Bash are not one and the same as Shellshock, however. “They are not exploitable via environment variables as far as I know
, so the CGI vector that has been a big problem with Shellshock doesn’t seem to apply,” says Ullrich, who is currently performing more testing on the latest findings.
: I just published an updated YouTube presentation (about 15 min in length) with some of the shell shock related news from the last couple days:
John Maxwell’s Leadership blog has excellent advice that is applicable for IT projects
If you’re dreaming big, then the size of your vision will surpass your present abilities. Not only that, but your dream will even dwarf your potential abilities. No matter how much you grow and develop, you won’t ever be able to accomplish the dream alone
. One is too small a number to achieve greatness. Every dream needs a team in order to come true
. The questions are who to include on the team and how to convince them to join.
Who should I include on my dream team? Life is especially hard on dreams, and when challenges arise we can be tempted to delay the dream indefinitely or to abandon it altogether
. That’s why every dream team has inspirers. These people keep hope alive by providing continual encouragement. They believe in the dream even when you start to doubt it.
There’s a fine line between a dream and a fantasy, and it can be easy to cross
. Every dreamer needs honest critics to keep from wandering into make-believe. These constructive critics are not skeptics or cynics; they believe in the dream just as much as you do. However, they’re attuned to reality, and they know that a dreamer who avoids facts and evidence will inevitably lose credibility.
Interesting tests by Consumer Reports that document new iPhone 6 casing holds up with other similar smartphones.
Apple’s iPhone 6 required less force to ruin than Apple’s iPhone 6 Plus, but more force than what Apple itself has been claiming the iPhones can tolerate. According to those who attended a recent press tour of the company’s “torture lab” for its iPhones, an iPhone 6 can handle at least 25 kilograms of weight—around 55 pounds
—in a similar three-point flexural test. Apple maintains the iPhone 6 can actually handle more weight than that, but didn’t specify how much.
According to Consumer Reports’ tests, the iPhone 6 only started to deform, warp, or otherwise look different than it normally does once the test applied 70 pounds of weight
to the smartphone. The iPhone 6 Plus held out for slightly longer, deforming at around 90 pounds.
“Two days ago, the Internet erupted with photos of bent iPhone 6s, and a very-viral video of a guy creasing an iPhone 6 Plus with his bare hands
. It seemed like a serious concern, yet everything about the uproar was highly unscientific. We don’t like unscientific, so we promised then that we would use our lab equipment to find out just how delicate the iPhone 6 and 6 Plus really are.
This PC Magazine security article shares 8 best practices to ensure a safe update of the new Apple iOS 8 operating system
Apple’s iOS 8 is here. If you’ve got an iPhone, you’re probably champing at the bit to download Apple’s latest and greatest OS. Or perhaps you’ve already pre-ordered an iPhone 6 or 6 Plus and are ready to party with a totally new handset. Either way, now is a great time to spruce up the security of your iOS device.
– Don’t try to be among the first adopters and wait a few days until the dust settles
2. Shred It
– Wickr’s Shredder feature to sanitize your phone before wiping it when trading in
3. Check Your Security Settings
– Optimize your security settings as soon as you update to iOS 8
or get your new iPhone 6
4. Location, Location, Location
– right off the bat iOS 8 asks you to enable location services before you can even play with the new OS. Go through the apps that request that data with a fine-tooth comb
and deciding which really need the information
5. Medical Condition setup
– iOS 8 users should set up a Medical ID. This is a virtual medical ID card that includes information like blood type, organ donor, allergies, and medical conditions.
6. Fingerprint Authentication
– Be sure to enable Touch ID if you have an iPhone with a fingerprint reader, and deactivate Simple Passcodes to use a longer, more complex passphrase to unlock your device.
7. Lock Down the Lock Screen
– From the Restrictions section of the General settings, you can hide apps and even prevent apps from being installed or deleted. You can also set which apps can access your microphone, or other intimate settings, and prevent those settings from being changed.
8. Go Nuclear
– A strong passcode and Find My iPhone go a long way toward keeping your phone, and its data, secure. But we can go further. Set your iPhone to automatically wipe its contents after 10 failed attempts to enter a security
Several articles note that new attributes of the new operating system will be previewed on September 30, 2014
Microsoft issued invitations on Monday for a Sept. 30 event where it will unveil the next version of Windows, according to multiple online reports. The San Francisco press conference will introduce the next iteration of Microsoft’s venerable Windows operating system
. Most pundits and analysts expect the OS to be dubbed “Windows 9,” with the company sticking with the numerical moniker of the 2012 predecessor. It has also been known by the code name “Threshold.”
Presumably set for release in the first half of 2015
, Windows 9, may be either the last major release of the operating system or the first in a string of smaller, less-ambitious updates as Microsoft accelerates its already too-fast-for-enterprise release schedule. A revamped Start menu — one that hews more closely to the one in Windows 7 — a de-emphasis of the touch-first “Modern,” née “Metro,” mode and UI (user interface), and the ability to run Modern apps in Windows on the classic desktop have been bandied as Windows 9’s most obvious changes.
The mention of “enterprise” in Microsoft’s invitation bolsters the speculation that Windows 9 will be primarily aimed at business and corporate customers, who have spurned Windows 8 because of its split-UI personality. That, in turn, argues for a surfacing of new features and other changes that make the OS easier to operate and navigate with mouse and keyboard, still the primary input methods for business PCs.
It’s important for Microsoft to make Windows 9 attractive to those customers, Gartner analysts have said, if Microsoft is to convince them to move beyond Windows 7 — which has a lock on the corporate market — in time to avoid a repeat of the Windows XP longevity problem.
From the excellent Leadership blog by John Maxwell, the key question of “What Do You Think?” is examined
The simple act of asking the right questions of the right people can provide crucial information
, offer clarity and help you make better decisions. That process begins with the questions you ask yourself. It continues with the questions you ask others. When you ask the right questions of people on your team, it not only gives the above benefits, it can also improve your connection with them and demonstrate your openness and teachability.
In my upcoming book, Good Leaders Ask Great Questions, I share the eleven questions that I continually ask members of my team. Today, I’ll talk about the question that I ask my most often: “What do you think?”
These words come out of my mouth a dozen or more times every day.
1. Gathering Information
– want good information from multiple sources and perspectives
2. Confirming My Intuition
– what can you do to validate your belief?
3. Assessing Someone’s Judgment or Leadership
– fastest way to assess people’s thinking and observation abilities
4. Teaching How I Think
– Why is a great tool for connecting and equipping.
5. Processing a Decision
– Sometimes people need a number of different perspectives in order to discover the best choice