Know How...

Sep 25th 2014

Know How... 112

Bash Bug, GPU Upgrade, and Android Wear

Bash Bug, GPU Upgrade, and Android Wear
New episodes every Monday at 6:00pm Eastern / 3:00pm Pacific / 23:00 UTC and Thursday at 2:00pm Eastern / 11:00am Pacific / 19:00 UTC.
Bash exploit allows an attacker to take complete control of a computer, upgrading your Video Card, VLAN's on a personal network, SSD Media Center, and make a custom watch face for your Android Wear Device. Bash, Bash, Bash! * A new bug has been discovered in Bash that allows an attacker to take complete control of a computer running any UNIX-based operating system -- That includes all flavors of Linux as well as Apple's OSX. ** The National Vulnerability Database gave the exploit a "10 out of 10" ** While the Heatbleed bug allowed attackers to spy on your traffic. This bug lets them attack your computer. What is Bash * Bash is a command line shell that was released in 1989 * It replaced the "Bourne Shell" -- and therefore it was dubbed the "Bourne-Again Shell" or BASH) * It allows users to issue commands to the Operating system through a command line. What is the vulnerability? * Some researchers at Red Hat figured out that you could add a few extra lines to a bash command and have it execute scripts over the Internet. * Essentially... this allows a remote attack to have COMPLETE control over your OS. Why is it Bad? * Heartbleed affected about 600,000 websites * The Bash Bug can affect HUNDREDS OF MILLIONS OF COMPUTERS AND DEVICES * Linux is baked into many smart devices (which means they're most likely not going to be patched) -- Light Bulbs -- Cameras -- Automatic lighting/irrigation systems -- Routers Padre's Network * Enterasys D2 Switch (Core) * Radius Authentication Server * HP Intellijacks (Edge) * When new devices connect, they get an address and access to the gateway. They're put on their own VLAN in the "untrusted" subnet, so they can't see any other devices. * Once they authenticate, they're put on the "Trusted VLANS" -- They can now see basic network resources. (Internet Gateway // Media Server // Printers) * When they want to access another network resource (Other computers, admin tools, security, secure storage) they hit an access list. -- If that device has permission to access that device (which is on its own VLAN), a new VLAN is created that encompases both devices. That VLAN is deleted when communications are now longer requried between devices. Android Wear Facer Free Squarespace Giveaway for TWIT Network Audience Members See official sweepstakes rules here. http://player.podtrac.com/rules-twit

Connect with us!

Don't forget to check out our large library of projects at www.twit.tv/kh. - Google+ Community at gplus.to/twitkh - Tweet at us at @padresj, @Cranky_Hippo and @Anelf3 - Check out our transcripts.