Shellshock and the Story of the Environment


  October 1, 2014 |   40 minutes40 m. (8465 words)
Graphic showing a black sphere in space

At the turn of September and October 2014 the world learned of a security vulnerability that had been lurking for years in the GNU Bourne Again Shell (a.k.a. Bash). Most IT-security outlets had already covered the topic and published appropriate remediation methods, yet what caught my attention was the educational aspect of the flaw – in that regard it is a “good bug”, that is, one that can be used to explain many interesting mechanisms present in Unix-like systems.

# # # # # > Bash > Unix > GNU/Linux

Evil Packages


Attacks Targeting Package Repositories


   August 2, 2010 |   11 minutes11 m. (2222 words)
Photography of food packaging

Attacks that rely on setting up fake update servers are not as difficult to carry out as one might think. The main reasons are administrators’ carelessness and the absence of robust version-publishing processes, although occasionally we see astonishing attack vectors that are hard to anticipate.

# # # # # # > APT > YUM > YaST > GNU/Linux > Ubuntu > Fedora > openSUSE > CentOS > Debian > Stork