Shellshock and the Story of the Environment


At the turn of September and October 2014 the world learned of a security vulnerability that had been lurking for years in the GNU Bourne Again Shell (a.k.a. Bash). Most IT-security outlets had already covered the topic and published appropriate remediation methods, yet what caught my attention was the educational aspect of the flaw – in that regard it is a “good bug”, that is, one that can be used to explain many interesting mechanisms present in Unix-like systems.

Bitsquatting


Cosmic radiation and breaking security


When typing a website name into the browser’s address bar, mistakes sometimes happen. Instead of visiting the right site, we end up on a so-called domain parking page, or on a completely different service. There are also more dangerous cases: sites deceptively similar to the originals, used to siphon data or infect a computer with malware. Let’s imagine that a similar situation could occur even when the entered address was correct…

Evil Packages


Attacks Targeting Package Repositories


Attacks that rely on setting up fake update servers are not as difficult to carry out as one might think. The main reasons are administrators’ carelessness and the absence of robust version-publishing processes, although occasionally we see astonishing attack vectors that are hard to anticipate.