It All Started With a Wager About System Upgrades

It all started with a wager of the usual amount over beers with @brianhatfield. When running workloads in cloud environments, do organizations routinely and blindly upgrade their systems? The actual means of triggering the upgrade were not questioned – Chef run, hourly cron job, etc. One side took 10% or less, the other 90% or greater. While it’s not important who claimed the moral victory of coming closest, it’s important to remember that no one got paid (read: I lost).

CVE-2014-6271 And You: A Tale Of Nagios And The Bash Vulnerability

The internet is yet again feeling the aftereffects of a “net shattering” vulnerability: a bug in the shell ‘/bin/bash’ that widely affects Linux distributions and is trivial to exploit. The vulnerability exposes a weakness in bash that allows users to execute code set in environment variables and, in certain cases, allows unauthenticated remote code execution.

Possible vectors for attack include: