Sep
26

Shellshock bug testing for vulnerability

A new bug has been discovered recently, affecting most Linux systems running bash. You can read more about it here, but the question most often asked is: how do you check if you are vulnerable? Here's a simple way to find out. Log in to your Linux box and run the following:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

The output will be, if you are not vulnerable:

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

If you are vulnerable:

vulnerable
this is a test
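The same one-liner wrapped in a script that checks each bash binary on the box, since a host can have more than one copy installed and patching the package only fixes one of them. This is an added example, not part of the original post; the function names and the list of paths are assumptions.

```shell
#!/bin/sh
# Added example: run the CVE-2014-6271 one-liner against specific bash
# binaries and classify the result. Function names are hypothetical.

# Classify the combined stdout/stderr of the test command.
# Keys on the marker line rather than on the warning text, because a
# fixed bash may print the "ignoring function definition attempt"
# warning or may print nothing besides the test line.
classify_output() {
    out=$1
    if printf '%s\n' "$out" | grep -qx 'vulnerable'; then
        echo vulnerable
    elif printf '%s\n' "$out" | grep -qx 'this is a test'; then
        echo not-vulnerable
    else
        # The binary did not run the test command at all.
        echo inconclusive
    fi
}

# Run the test from the post against one bash binary given by path.
check_bash() {
    bin=$1
    if [ ! -x "$bin" ]; then
        echo missing
        return 0
    fi
    out=$(env x='() { :;}; echo vulnerable' "$bin" -c 'echo this is a test' 2>&1) || true
    classify_output "$out"
}

# Check the usual install locations (assumed list; extend for your hosts).
scan_all() {
    for bin in /bin/bash /usr/bin/bash /usr/local/bin/bash; do
        [ -x "$bin" ] && printf '%s\t%s\n' "$bin" "$(check_bash "$bin")"
    done
    return 0
}

scan_all
```

Any path reported as vulnerable needs the bash package updated, or that extra copy removed or rebuilt.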

Update (Oct 2): Here's a newer version of the test script. It incorporates tests for all of the other bugs related to Shellshock.

Download link

Test results are self-explanatory:

If not vulnerable (will appear in a healthy-green colour):

Not vulnerable to CVE-2014-6271 (original shellshock)
Not vulnerable to CVE-2014-7169 (taviso bug)
Not vulnerable to CVE-2014-7186 (redir_stack bug)
Test for CVE-2014-7187 not reliable without address sanitizer
Variable function parser inactive, likely safe from unknown parser bugs

If vulnerable:

Variable function parser active, maybe vulnerable to unknown parser bugs
Vulnerable to CVE-2014-6271 (original shellshock)
Vulnerable to CVE-2014-7169 (taviso bug)
Vulnerable to CVE-2014-7186 (redir_stack bug)
Test for CVE-2014-7187 not reliable without address sanitizer
Vulnerable to CVE-2014-6277 (lcamtuf bug #1)

 

Sep
13

Windows 9 gets features from Ubuntu and Windows Phone

You've asked for it and Microsoft heard you loud and clear:

"In the version of Windows 9 demoed in the leaked video, the Metro style Start screen has been replaced with a traditional Windows desktop, complete with the taskbar at the bottom with frequently used app shortcuts. One new element that wasn’t in prior leaked screenshots is the search icon. It appears on the taskbar, next to the Start button. On the right side of the search icon is, at long last, the Virtual Desktop icon. Virtual desktops, a feature that allows users to create, save, and easily switch between multiple desktop configurations, has been available in competing operating systems, like Ubuntu, for some time. With it, a user could have a desktop with several image and video editing applications open and running, and then switch to a different desktop used for browsing the web, or one with a running game, waiting to resume progress. It’s a useful way to manage system resources, as well as screen real estate."

See the full article.

May
01

Microsoft Patches all versions of Internet Explorer

This security update resolves a publicly disclosed vulnerability in Internet Explorer. The vulnerability could allow remote code execution if a user views a specially crafted webpage using an affected version of Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Patch can be downloaded from here:

https://technet.microsoft.com/library/security/ms14-021

Mar
13

Joomla issues upgrade to patch critical SQL vulnerability

Joomla's developers have released a fix for a critical SQL injection vulnerability in the 3.2.3 update, but are still coming under fire for taking a month to address the issue. According to ThreatPost, researchers at Sucuri have associated the SQL fix with a month-old vulnerability that was described at exploit-db.com.

The Scip vulnerability database provides this description: “Affected by this issue is an unknown function of the file /index.php/weblinks-categories.

"The manipulation of the argument id with the input value 0%20%29%20union%20select%20password%20from%20%60k59cv_users%60%20--%20%29 leads to a sql injection vulnerability. Impacted is confidentiality, integrity, and availability.”

So patch your Joomlas!

Nov
07

Internet Explorer 11 release preview

Every web developer's dream is a world with just one browser. That's not happening, so brace yourselves for the new version of Internet Explorer - version 11. Google has established a new trend - a new version of Chrome for every full moon. Microsoft and Mozilla have nothing left but to follow the trend to stay afloat. 

New features in Internet Explorer 11:

Ehh... How about a cartoon instead? 

 

Oct
30

What's New In CiviCRM 4.4

New features in CiviCRM 4.4 - a presentation from London CIVICON:

Oct
29

CiviCRM 4.4 released

A new version of the popular open source CRM, CiviCRM, was released on October 23rd, 2013. The new version includes a lot of bug fixes and major improvements:

 

  • Faster searching - a real timesaver when working with searches and smart groups, especially with large databases.
  • Soft credits - improve soft credit tracking and include soft credit data in key contribution reports
  • Flexible event name badges - design and print cool name badges for event participants including logos, custom data, QR and bar codes
  • Visual selection of "credit card type" on contribute/event forms - improves the user experience when giving to your organization
  • ShortCode Support for Petitions - a great new feature for CiviPetition users on WordPress
  • Better campaign tracking - campaign column and filters added to membership, participant and additional contribution reports
Mar
19

Windows 7 SP1 Update

If you are a Windows 7 user and have been delaying SP1 installation - now is the time. Starting today Microsoft will be deploying the service pack through the Windows Update system. That is - if your system is set up for automatic updates.