Shell Shocker Hack
Shellshock (CVE-2014-6271 and related CVEs) is a critical security vulnerability in Bash (Bourne Again SHell), a Unix/Linux command-line shell. Discovered in September 2014, it allowed attackers to execute arbitrary commands on a vulnerable system by appending malicious code to environment variables.
It is often called the "Shellshocker hack" because it shocked the cybersecurity world: Bash is installed on billions of devices (servers, macOS systems, routers, IoT devices), and the bug had existed for over 25 years. At its core, Bash supports function definitions inside environment variables. For example:
    GET /example.cgi HTTP/1.1
    Host: victim.com
    User-Agent: () { :;}; echo; /bin/cat /etc/passwd

    #!/bin/bash
    echo "Content-type: text/plain"
    echo ""
    echo "Hello $HTTP_USER_AGENT"

When the web server passes HTTP_USER_AGENT as an environment variable to Bash, the payload executes cat /etc/passwd and sends the output in the HTTP response.

On Your System
Check your Bash version:

    bash --version

Vulnerable versions: 1.14 through 4.3 (before patch). Run:
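A behavioural check to go with the version check above, as an added example that is not part of the original page: distributions backport fixes without changing the upstream version number, so the version string alone does not show whether a given binary is patched. The function names `shellshock_probe` and `shellshock_report` and the variable name `probe` are assumptions made for this example, and it covers only the original CVE-2014-6271 behaviour, not the related CVEs.

```shell
#!/bin/sh
# Added example: behavioural probe for the CVE-2014-6271 function-import flaw.
# shellshock_probe / shellshock_report are hypothetical helper names.
# The probe only echoes a harmless marker on the local machine.

shellshock_probe() {
    target=${1:-$(command -v bash)}   # path of the bash binary to test
    if [ -z "$target" ] || [ ! -x "$target" ]; then
        echo "no-bash"
        return 2
    fi
    marker="SHELLSHOCK_MARKER_$$"
    # A vulnerable bash executes the text that follows the function body
    # while importing the variable, so the marker is printed before the
    # real command ("echo done") runs. A patched bash treats it as data.
    out=$(env probe="() { :;}; echo $marker" "$target" -c 'echo done' 2>/dev/null)
    case $out in
        *"$marker"*) echo "vulnerable"; return 1 ;;
        *done*)      echo "patched";    return 0 ;;
        *)           echo "unknown";    return 2 ;;
    esac
}

# Print path, behavioural result and version string on one line, so the
# version is recorded but the verdict comes from what the binary does.
shellshock_report() {
    target=${1:-$(command -v bash)}
    result=$(shellshock_probe "$target") || true
    version=$("$target" --version 2>/dev/null | head -n 1)
    printf '%s\t%s\t%s\n' "$target" "$result" "${version:-n/a}"
}
```

Call `shellshock_report /path/to/bash` for each Bash binary on the host, including copies bundled in chroots or container images, since each one is a separate binary with its own patch state.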