Some Reflections on the SHELLSHOCK lab

Notes

• PATCH YOUR SOFTWARE
  • People write code
  • Code contains bugs
  • AI is trained off the software written by humans
  • here is a blog, but I bet there are studies as well
  • We are constantly finding exploitable vulnerabilities.
  • But we are constantly patching and fixing our software.
  • Read the first part of the Wikipedia article on shellshock
  • Watch this video from yesterday.
  • This one is older, but more scary Hacking and controlling a jeep.
  • PATCH YOUR SOFTWARE!!!
• Use the right tool for the job
  • Bash is a good tool for rapid prototyping
  • And also for 1 off quick scripts
  • But probably not for cgi-bin progrms
• Most ports on modern machines are locked down
• Most connections are secure/encrypted, but that would not have helped here.