Shellshocked?

Just to inform you that my webserver (a private one, that serves all the pages of www.riscos.fr) was not vulnerable to this issue, and has not been patched.
I have a few other problems with stability, still I cannot force a reboot of the Panda, but I plan to switch to a Pi as soon as the latest USB patches will be on the CVS.

Hum, yes, my webserver runs under RISC OS.
… I know :)

I feel as if this is a vindication of what I said a decade and a half ago, if not longer. All those “*nix is safe, *nix hasn’t been compromised”…
…there is a huge difference between that which is safe versus that which has not been compromised. I said long ago that the reason *nix was perceived as being secure was nothing to do with “the source code is available” and a lot to do with the sorts of people that were using those systems. Once upon a time it took a hardcore nerd to get a system running. Once upon a time, network infrastructure used a lot of custom code on minimalist kernels. Once upon a time, the sort of people who even knew how to use bash could out-think and outwit those attempting to compromise it. In short, there was no point in attacking something that could neither be exploited nor ripped off.

Now Linux, Debian kernel, et al are ubiquitous. From home routers to the computers of those fed up with Windows. iThingies and phones. Rich pickings for personal data, credit card information, and to hijack the systems for good ol’fashioned extortion. In short, now that these systems have become popular enough to make them a worthwhile target, the egotistically smug self-important facade is crumbling and we are seeing how easily “secure” can be compromised. This won’t be the last time, for there is no such thing as an unhackable system.
Everybody was so quick to mock Windows (which, to be honest, did deserve a lot of ridicule for some spectacularly stupid decisions, like XP single account users (that’s most domestic machines) being administrator by default), and we used to laugh at the “patch Tuesday” and the grief it could cause admins.
Well, congratulations, *nix has come of age and is now a worthwhile target for the criminal scum.

In other words: Tag, you’re It…

I feel as if this is a vindication of what I said a decade and a half ago, if not longer. All those “*nix is safe, *nix hasn’t been compromised”…
…there is a huge difference between that which is safe versus that which has not been compromised.

RISC OS users had better cross our collective fingers and hope that no-one ever decides to pay us any attention, then…

At least Windows and Linux have some security built in; RISC OS doesn’t. We got away with it in the 80s and 90s because when there were RISC OS viruses out there we’d not heard of the internet. Should someone pay attention to us again now, especially in these days of flash “ROMs” where even the core OS isn’t ‘safe’, I have a feeling that it would be carnage.

While it is true and while our security level ranks somewhere below zero…

…our browser doesn’t remember passwords.
…not does the OS maintain and manage bank accounting information, either for NFC or AppStore arrangements.
…it would be possible to hijack RISC OS to run as a botnet slave, but since the average RISC OS user likely knows more about what is going on in the system than the average Windows user, it shouldn’t be too hard to notice errant behaviour and track it down.
…if eradication proves difficult, a simple SD reimage will do the job.

In a way, there’s a benefit to having an insecure late-’80s era setup. Nobody has any daft illusions of safety and security.

Our “security” is not so much through obscurity (although that helps) but more to the fact that it just isn’t going to be worth it. Few people write attacks for lulz these days, it is for control and money. The two things that have driven certain types of people and shaped history since before history was even recorded. Ergo, we’re just not rich pickings. Move on, nothing to see here…

Thats the reason, why i prefer to use a proprietary OS.
Just not interesting enough to get attacked.
noone does that much work to write a virus,
just to get it finally to attack 15 computers
out on the net. also imho an advantage of
heterogen networks..

Thats the reason, why i prefer to use a proprietary OS.

Uhhh… Windows is proprietary. It’s been the biggest attack target in the history of computing.

SCADA likely included a lot of proprietary hardware. The protocol itself succumbed, the connected equipment followed.

Just not interesting enough to get attacked.

Ah, you mean minority, not proprietary.

also imho an advantage of heterogen networks..

:-) I see it the other way. Instead of one architecture and OS to compromise, you’ll have more. More differences equals more attack surface.