Bill Arlofski's blog

Why server maintenance - with a focus on security patches - is important

From the article "Bug in Bash shell could be worse than Heartbleed"

The last line in the article says it all:

"Shellshock is rated as 10 out of 10 or the highest possible severity rating by the United States National Vulnerability Database (NVD). Furthermore, NVD rated Shellshock as a 10 on the scale when it comes to both impact and exploitability."

At Reverse Polarity, we offer our clients the piece of mind that comes with knowing that their servers and systems are secure from vulnerabilities and are patched against new ones as soon as they are announced.

We were notified of this "Shellshock" vulnerability in the bash shell late this afternoon, and within less than two hours (not days, not weeks, not months...), all of our customers with servers under maintenance contracts were updated and patched against this major security vulnerability.

There is (at the time of this posting) an interesting, and on-going conversation on Twitter under the hashtag #shellshock.

Update 21:24
Another article here: Major Bash Vulnerability Affects Linux, UNIX, Mac OS X

Update 21:30
A posting from RedHat

Update 21:48
Apparently, the initial patch to bash does not appear mitigate all circumstances. It is being said that there may be more patches to be applied in the coming days.

Update 21:52
Another Blog posting from RedHat

Update 09/25/14 9:42
Linux/Bash0day alias Shellshock

FOG Snapin to Deploy Ruckus Pre-Shared Keys (PSKs) to Windows 7 Laptops

The Problem...

At one of our clients' sites where we installed FOG (An open-source, networked computer hard drive imaging solution), there was only one thing preventing them from reaching the goal of having practically hands-free deployments of their Windows 7 images to their laptops: The wireless profile configuration.

End-user Control of Wireless Networks Using Open-Source Software

The Request:

We recently had a client come to us with a very specific, albeit an unconventional request with regards to the type of wireless solution they envisioned. Due to concerns from some parents and faculty members, they wanted to limit the amount of RF signals the children were exposed to while at their school.

To meet this goal, they wanted the ability to enable and disable individual wireless access points so that they could provide wireless connectivity only when and where it was necessary for teaching specific classes, and then disable it all other times. They also wanted the process to be as simple as possible so that teachers would be able to easily manage the state of the wireless access points.

In an age when everyone expects 24/7/365 Internet access everywhere, they wanted to do the opposite.

Part II: Apple iPads, Apple TVs, Bonjour & AirPlay Across Subnets Using Open-Source Software

In my previous post HERE, I gave a brief description of Apple's implementation of the mDNS protocol which they named "Bonjour". I explained why the protocol does not function in a segmented (subnetted) network and described the open-source solution that we deploy for our clients which is comprised of a free, open-source Gentoo Linux (virtual) server running the open-source implementation of the mDNS protocol called "Avahi."

My goal in this post is to describe in detail exactly how to implement your very own virtual "Bonjour Gateway" in a VMware vSphere environment.