33 Years of the Digest ... founded August 21, 1981
Copyright © 2014 E. William Horne. All Rights Reserved.

The Telecom Digest for Oct 4, 2014
Volume 33 : Issue 174 : "text" Format
Messages in this Issue:
Apple patches "Shellshock" Bash bug in OS X 10.9, 10.8, and 10.7 (Monty Solomon)
How to Get More Room in the Sock Drawer: Sell Your Cellphone (Monty Solomon)
Shellshock fixes beget another round of patches as attacks mount (Monty Solomon)
Re: Shellshock fixes beget another round of patches as attacks mount (David Clayton)
Marriot hotels fined $600,000 for blocking customers' WiFi (danny burstein)

May God save the country, for it is evident that the people will not.  - Millard Fillmore

See the bottom of this issue for subscription and archive details.

Date: Fri, 3 Oct 2014 00:23:44 -0400
From: Monty Solomon <monty@roscom.com>
To: telecomdigestsubmissions.remove-this@and-this-too.telecom-digest.org.
Subject: Apple patches "Shellshock" Bash bug in OS X 10.9, 10.8, and 10.7
Message-ID: <p06240802d053d50fce9d@[172.16.42.4]>

Apple patches "Shellshock" Bash bug in OS X 10.9, 10.8, and 10.7

Fixes Bash bug discovered last week that's already been seen in the wild.

by Andrew Cunningham
Sept 29 2014
Ars Technica

http://arstechnica.com/apple/2014/09/apple-patches-shellshock-bash-bug-in-os-x-10-9-10-8-and-10-7/

Date: Fri, 3 Oct 2014 06:58:40 -0400
From: Monty Solomon <monty@roscom.com>
To: telecomdigestsubmissions.remove-this@and-this-too.telecom-digest.org.
Subject: How to Get More Room in the Sock Drawer: Sell Your Cellphone
Message-ID: <60426AB6-19CB-48D2-92A0-C1DB0EDEC28D@roscom.com>

How to Get More Room in the Sock Drawer: Sell Your Cellphone

Mailing your phone to a reseller, handing it to a cellphone store or putting it up for sale online can reduce or fully cover the price of an upgrade.

http://www.nytimes.com/2014/10/02/technology/personaltech/how-to-get-more-room-in-the-sock-drawer-sell-your-cellphone.html
-or-
http://goo.gl/YfZ7FW

Date: Fri, 3 Oct 2014 00:22:24 -0400
From: Monty Solomon <monty@roscom.com>
To: telecomdigestsubmissions.remove-this@and-this-too.telecom-digest.org.
Subject: Shellshock fixes beget another round of patches as attacks mount
Message-ID: <p06240801d053d2d7497a@[172.16.42.4]>

Shellshock fixes beget another round of patches as attacks mount

SANS' Internet Storm Center moves up threat level based on bash exploits in wild.

by Sean Gallagher
Sept 30 2014
Ars Technica

Over the past few days, Apple, Red Hat, and others have pushed out patches to vulnerabilities in the GNU Bourne Again Shell (bash). The vulnerabilities previously allowed attackers to execute commands remotely on systems that use the command parser under some conditions-including Web servers that use certain configurations of Apache. However, some of the patches made changes that broke from the functionality of the GNU bash code, so now debate continues about how to "un-fork" the patches and better secure bash.

At the same time, the urgency of applying those patches has mounted as more attacks that exploit the weaknesses in bash's security (dubbed "Shellshock") have appeared. In addition to the threat first spotted the day after the vulnerability was made public, a number of new attacks have emerged. While some appear to simply be vulnerability scans, there are also new exploit attempts that carry malware or attempt to give the attacker direct remote control of the targeted system.

...

http://arstechnica.com/security/2014/09/shellshock-fixes-beget-another-round-of-patches-as-attacks-mount/

***** Moderator's Note *****

The "Shellshock" exploit, as I understand it, affects those running Apache with the Bash shell enabled. I don't know if disabling Bash will prevent the exploit from succeeding, but anyone running a server that has both Apache and Bash available is advised to upgrade.

Bill Horne
Moderator

Date: Sat, 04 Oct 2014 09:37:11 +1000
From: David Clayton <dc33box-usenet2@NOSPAM.yahoo.com.au>
To: telecomdigestsubmissions.remove-this@and-this-too.telecom-digest.org.
Subject: Re: Shellshock fixes beget another round of patches as attacks mount
Message-ID: <pan.2014.10.03.23.37.07.580941@NOSPAM.yahoo.com.au>

On Fri, 03 Oct 2014 00:22:24 -0400, Monty Solomon wrote:

> Shellshock fixes beget another round of patches as attacks mount
>
> SANS' Internet Storm Center moves up threat level based on bash exploits
> in wild.
........
> ***** Moderator's Note *****
>
> The "Shellshock" exploit, as I understand it, affects those running Apache
> with the Bash shell enabled. I don't know if disabling Bash will prevent
> the exploit from succeeding, but anyone running a server that has both
> Apache and Bash available is advised to upgrade.
>
> Bill Horne
> Moderator

The only effective way of "disabling" bash is to rename the binary. If the entry vector code being exploited is explicitly calling /bin/bash then just changing it as the default shell for login won't do anything.

The systems like desktop/server Linux that are kept patched and up to date will be ok, it is all those devices with Linux firmware and a web interface that rarely (if ever) get updated that may be at risk of permanent exploitation if they have any external ports available to attack.

That means most home/small business grade Internet facing modems/routers etc. and that is what scares me!

--
Regards, David.

David Clayton
Melbourne, Victoria, Australia.
Knowledge is a measure of how many answers you have, intelligence is a measure of how many questions you have.

Date: Fri, 3 Oct 2014 16:05:20 -0400
From: danny burstein <dannyb@remove-this.panix.com>
To: telecomdigestsubmissions.remove-this@and-this-too.telecom-digest.org.
Subject: Marriot hotels fined $600,000 for blocking customers' WiFi
Message-ID: <Pine.NEB.4.64.1410031600270.304@panix5.panix.com>

Marriott to pay $600,000 to resolve wifi-blocking investigation. Hotel Operator Admits Employees Improperly Used Wi-Fi Monitoring System to Block Mobile Hotspots; Agrees to Three-Year Compliance Plan. News Release. Adopted: 10/03/2014.

-fcc info[a] at:

https://apps.fcc.gov/edocs_public/attachmatch/DOC-329743A1.docx
https://apps.fcc.gov/edocs_public/attachmatch/DOC-329743A1.pdf
http://transition.fcc.gov/Daily_Releases/Daily_Business/2014/db1003/DOC-329743A1.txt

- the hotel deliberately interfered with the local WiFi bubbles that guests were setting up via cellular interconnections so as to force people to pay the hotel directly.

[a] FCC postings are typically available as Word Documents, PDF format, and kind-of plain text. The URLs tend to be the same with the extension signifying which is which.

TELECOM Digest is an electronic journal devoted mostly to telecommunications topics. It is circulated anywhere there is email, in addition to Usenet, where it appears as the moderated newsgroup 'comp.dcom.telecom'.

TELECOM Digest is a not-for-profit educational service offered to the Internet by Bill Horne.

The Telecom Digest is moderated by Bill Horne.
Contact information: Bill Horne
Telecom Digest
43 Deerfield Road
Sharon MA 02067-2301
339-364-8487
bill at horne dot net
Subscribe: telecom-request@telecom-digest.org?body=subscribe telecom
Unsubscribe: telecom-request@telecom-digest.org?body=unsubscribe telecom

This Digest is the oldest continuing e-journal about telecommunications on the Internet, having been founded in August, 1981 and published continuously since then. Our archives are available for your review/research. We believe we are the oldest e-zine/mailing list on the internet in any category! URL information: http://telecom-digest.org Copyright © 2014 E. William Horne. All rights reserved.


Finally, the Digest is funded by gifts from generous readers such as yourself. Thank you!

All opinions expressed herein are deemed to be those of the author. Any organizations listed are for identification purposes only and messages should not be considered any official expression by the organization.


End of The Telecom Digest (5 messages)
