Bob's Tech Talk - Bobs Tech Talk News and Reviews

Entries from October 5, 2014 - October 11, 2014

Friday

Oct102014

Simplivity’s response to the Shellshock issue

Friday, October 10, 2014 at 9:50AM

Shellshock Advisory

SimpliVity is issuing this message as part of our Product Security Incident Response process to help protect our customers from a software vulnerability publicly disclosed yesterday (September 24, 2014) known as "Shellshock".

The vulnerability is in the GNU Bourne Again Shell (Bash), the command-line shell used in many Linux and Unix operating systems. Details of the vulnerability can be found at the Common Vulnerabilities and Exposures website - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271.

The SimpliVity OmniCube software uses a version of Linux that is impacted by this vulnerability. This vulnerability is not specific to the SimpliVity product. It affects a large number of software products that leverage Linux/Unix operating systems.

SimpliVity takes product security seriously. We are in the process of developing a software update that remediates this vulnerability and will make it available to all customers via SimpliVity’s Global Services Customer Support team.

While this vulnerability represents a large risk to the general marketplace, its potential impact on SimpliVity OmniCube deployments is significantly lower because this vulnerability cannot be exploited on the OmniCube Software by an unauthenticated user.

Should you have any further questions, please contact SimpliVity Customer Support at 1-855-SVT-SERVICE (USA) or 1-508-536-4151 (International), or email support@simplivity.com.

Best Regards,

Randy Boutin

VP, Customer Support

SimpliVity Corporation

Bob Appleby |

Press Release: Sophos on ShellShock

Tuesday, October 7, 2014 at 2:43PM

Shellshock: What you can do to stay safe

Bash Shellshock – What Is It?

Shellshock is a serious security bug in Bash, a shell commonly used in computers running Linux, UNIX and OS X. Shellshock could allow an attacker to execute malicious commands across the Internet on remote computers, notably web servers.

The Threat

Cybercriminals are trying to exploit Shellshock to steal data and compromise servers with malware. SophosLabs has seen malware in the wild that seeks to exploit Shellshock to gain access to a server and call home for instructions.

This kind of malware could infect servers to create a botnet, which cybercriminals use to distribute zombie malware, or for turning the botnet into a weapon for launching distributed denial-of-service (DDoS) attacks on web servers.

Sophos Can Help

Sophos products protect against Shellshock attacks in several ways:

•	Sophos Antivirus blocks malware-related payloads exploiting Shellshock in Linux, UNIX and OS X

•	Web Application Firewall (WAF) and Intrusion Prevention System (IPS) rules in Sophos UTM stop Shellshock requests before they reach the server

•	Advanced Threat Protection (ATP) in Sophos UTM blocks malware call-home attempts, and creates a threat alert for malicious traffic

Visit Sophos.com/shellshock for the latest news and security advice from the experts at Sophos.

Bob Appleby |

Square has a new update in both hardware and software available for free!

Monday, October 6, 2014 at 2:11PM

Check out what we’ve been working on and then sign in to your Square account to request your new free card reader.

Send Invoices for free
Receive next business day deposits directly to your bank account
Accept payments without an internet connection
Manage inventory and keep stock of items
Integrate with your favorite third-party services like QuickBooks and Xero

If you haven’t taken a look at Square recently you might be in for quite a surprise. I know that I was. I have had a test account with them for quite awhile and was set back with all of the new capabilities and functions available from Square.Take a few minutes and see what the new Square has to offer.

Bob Appleby |