Thursday, October 23, 2014

Updates to Info Tech As I see It

While this blog isn't as popular as I'd like it to be I know there are enough readers who do to merit an explanation as to why all the video links suddenly went dead last week.

The reason is simple and is directly related to the content I provide.  You see, I was hit by the #microstopped YouTube takedown last week.  The videos in question were two of my most popular on using Windows 8 Enterprise edition.  Apparently thousands of people found the information useful in the 2+ years they were on my channel.

Unfrotunately a clueless marketing lackey for Microsoft thought that I and thousands of others had no right to share the information.

Well, fast forward to this week and suddenly there's a new source for those same videos.  I've made a brand new YouTube channel with all the content of my former one but without the unrelated clutter you had to sift through to find the infomation you want.

The channel is called IT Mostly on YouTube and will serve as the official video partner to this blog.  You can find it at the link in the sidebar as well as here:

By the way, the YouTube copyright strike has been removed and those same 2 videos are back up and in public circulation again and will remain so until further notice.

For more on the story see this article on my other blog, Digital Dyanmic, here.

For a sampler of what's on the YouTube channel, I invite you to try out the playlist I've provided below.

That's all for now.

Friday, September 26, 2014

FIX your BASH already! Correcting the BASH shellshock vulnerability

By now you've heard that just about every 'Nix box on the planet is vulnerable to a flaw in the BASH shell that allows code insertion regardless of your level of access.  Worse, it's been that way for 25 years!

Ok, so that's a problem but what's the solution?

It's actually pretty simple...

First you test, then you patch, then you test again.  I've provided some command line snippets you can use on your Red Hat or Debian based Linux distros.  The testing command is almost universal the patch commands are more system specific.  Regardless, you need to get this done ASAP as less than 24 hours after its discovery there were already active bots scanning the net looking to exploit the vulnerability.

The command snippets you need are below as well as a video showing the update process.  The following link had the most complete information I've found if you want to know more.

You've got what you need, now go to it!


Testing command (at a shell prompt or terminal session)

env VAR='() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"

Bash updates:


sudo apt-get update && sudo apt-get install --only-upgrade bash

CentOS/Red Hat

sudo yum update bash