<HTML><HEAD>
<STYLE><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></STYLE>
</HEAD>
<BODY class=hmmessage dir=ltr>
<DIV dir=ltr>
<DIV style="FONT-SIZE: 12pt; FONT-FAMILY: 'Calibri'; COLOR: #000000">
<DIV>Thanks, Did the update as I am sure others will as well.</DIV>
<DIV>Steve</DIV>
<DIV>N4YZA</DIV>
<DIV
style='FONT-SIZE: small; TEXT-DECORATION: none; FONT-FAMILY: "Calibri"; FONT-WEIGHT: normal; COLOR: #000000; FONT-STYLE: normal; DISPLAY: inline'>
<DIV style="FONT: 10pt tahoma">
<DIV> </DIV>
<DIV style="BACKGROUND: #f5f5f5">
<DIV style="font-color: black"><B>From:</B> <A title=doug@crompton.com
href="mailto:doug@crompton.com">Doug Crompton</A> </DIV>
<DIV><B>Sent:</B> Thursday, September 25, 2014 12:27 PM</DIV>
<DIV><B>To:</B> <A title=mike@midnighteng.com
href="mailto:mike@midnighteng.com">mike@midnighteng.com</A> </DIV>
<DIV><B>Cc:</B> <A title=app_rpt-users@ohnosec.org
href="mailto:app_rpt-users@ohnosec.org">app_rpt-users@ohnosec.org</A> </DIV>
<DIV><B>Subject:</B> Re: [App_rpt-users] NEW Security Issues</DIV></DIV></DIV>
<DIV> </DIV></DIV>
<DIV
style='FONT-SIZE: small; TEXT-DECORATION: none; FONT-FAMILY: "Calibri"; FONT-WEIGHT: normal; COLOR: #000000; FONT-STYLE: normal; DISPLAY: inline'>
<DIV dir=ltr><FONT color=#000000 face=Tahoma,sans-serif>Information on Centos
Bash update -<BR><BR><A
href="http://centosnow.blogspot.com/2014/09/critical-bash-updates-for-centos-5.html"
target=_blank>http://centosnow.blogspot.com/2014/09/critical-bash-updates-for-centos-5.html</A><BR><BR
id=FontBreak></FONT><B><FONT style="FONT-SIZE: 16pt" size=4>73 Doug</FONT><FONT
style="FONT-SIZE: 16pt" size=4><BR></FONT><FONT style="FONT-SIZE: 16pt"
size=4>WA3DSP</FONT><FONT style="FONT-SIZE: 16pt" size=4><BR></FONT><FONT
style="FONT-SIZE: 16pt" size=4>http://www.crompton.com/hamradio</FONT></B><FONT
style="FONT-SIZE: 16pt" size=4><BR></FONT><BR><BR>
<DIV>
<HR id=stopSpelling>
From: mike@midnighteng.com<BR>To: app_rpt-users@ohnosec.org<BR>Date: Thu, 25 Sep
2014 08:06:13 -0700<BR>Subject: [App_rpt-users] NEW Security Issues<BR><BR><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: verdana; COLOR: #000000">
<DIV> </DIV>
<DIV>The increase in recent hack attempts are the result of the resent knowlage
of a fundamental bug in bash.</DIV>
<DIV>It was not a big deal till someone published the flaw before some patches
could be issued.<BR></DIV>
<DIV> </DIV>
<DIV>Some folks set-ups are vulnerable. If you run HTTP, you certainly
are.</DIV>
<DIV> </DIV>
<DIV>Just a FYI...</DIV>
<DIV> </DIV>
<DIV>SHELLSHOCK - this is bigger and older than heartbleed.<BR></DIV>
<DIV> </DIV>
<DIV>It is a very big deal for "all" linux systems running http.<BR></DIV>
<DIV> </DIV>
<DIV><A href="http://seclists.org/oss-sec/2014/q3/650"
target=_blank>http://seclists.org/oss-sec/2014/q3/650</A>
<BR></DIV>
<DIV> </DIV>
<DIV>to check your version of bash, type</DIV>
<DIV> </DIV>
<DIV>cd /bin</DIV>
<DIV>bash --version</DIV>
<DIV> </DIV>
<DIV>our acid installs should be at 3.2 </DIV>
<DIV>Remote ssh devices are possibly at risk.</DIV>
<DIV>Current patches may not be entirely effective.</DIV>
<DIV>Much more to be known about this.<BR></DIV>
<DIV> </DIV>
<DIV>google shellshock for more info.<BR></DIV>
<DIV> </DIV>
<DIV>...mike/kb8jnm</DIV>
<DIV> </DIV>
<DIV> </DIV></SPAN><BR>_______________________________________________
App_rpt-users mailing list App_rpt-users@ohnosec.org
http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users To unsubscribe from
this list please visit http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users
and scroll down to the bottom of the page. Enter your email address and press
the "Unsubscribe or edit options button" You do not need a password to
unsubscribe, you can do it via email confirmation. If you have trouble
unsubscribing, please send a message to the list detailing the
problem.</DIV></DIV>
<P>
<HR>
_______________________________________________<BR>App_rpt-users mailing
list<BR>App_rpt-users@ohnosec.org<BR>http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users<BR><BR>To
unsubscribe from this list please visit
http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users and scroll down to the
bottom of the page. Enter your email address and press the "Unsubscribe or edit
options button"<BR>You do not need a password to unsubscribe, you can do it via
email confirmation. If you have trouble unsubscribing, please send a message to
the list detailing the problem.
<P>
<HR>
<A></A>
<P align=left color="#000000" avgcert??>No virus found in this
message.<BR>Checked by AVG - <A
href="http://www.avg.com">www.avg.com</A><BR>Version: 2014.0.4765 / Virus
Database: 4025/8270 - Release Date: 09/25/14</P></DIV></DIV></DIV></BODY></HTML>