Build Debian Almquist Shell (dash) for OS X (GNU bash ShellShock part 2)

Even after pushing bash to 4.3.26, the aftershock of ShellShock (pun intended) is still there, as a developer commented that even the bash43-026 patch is still a “whack-a-mole” job.

Since my other main operating system is Ubuntu and the 3rd most common used is Debian jessie/sid, I am replacing /bin/sh with dash, Debian Almquist Shell, at least for now.

Continue reading Build Debian Almquist Shell (dash) for OS X (GNU bash ShellShock part 2)

GNU bash ShellShock bug and how to fix it on OS X

Update: A new bash patch is released as bash-4.3.26. This article is updated to include the new patch.

Recently another UNIX bug broke out: ShellShock bug in GNU bash, the most commonly-used UNIX shell. It allowed arbitrary code execution. which is bad.

Test code, if you want to check:

env "() { ;:}; echo gah" bash -c "echo test"

If you see both gah and test, your system is vulnerable! Read on!

Continue reading GNU bash ShellShock bug and how to fix it on OS X

VyRT Hacking (Part I): How a website accidentally give out your information

Recently news came that the official community website of the band 30 Seconds to Mars was hacked and information leaked. No public information is available yet, but I think I have a theory how this hacking worked, and how you Echelons can minimize damage.

This post is going to be a little bit hard on tech bits, so proceed with care. If you are greeted with some strange concept, Wikipedia will be your friend.

Continue reading VyRT Hacking (Part I): How a website accidentally give out your information