{"id":5634,"date":"2014-09-28T19:37:08","date_gmt":"2014-09-29T02:37:08","guid":{"rendered":"http:\/\/www.podfeet.com\/blog\/?p=5634"},"modified":"2024-12-15T19:17:59","modified_gmt":"2024-12-16T03:17:59","slug":"490-verizon-vs-att-radios-backing-up-drobo-to-drobo-mac-mini-monitor-hack-chronosync-shellshock-explained-ttt-search","status":"publish","type":"post","link":"https:\/\/www.podfeet.com\/blog\/2014\/09\/490-verizon-vs-att-radios-backing-up-drobo-to-drobo-mac-mini-monitor-hack-chronosync-shellshock-explained-ttt-search\/","title":{"rendered":"#490 Verizon vs AT&T Radios, Backing up Drobo to Drobo, Mac Mini Monitor Hack, Chronosync, Shellshock Explained, TTT Search"},"content":{"rendered":"

I’m weary of defending Apple and I explain why. In Dumb Question Corner Steve Davidson asks for an explanation of whether the new iPhones from Verizon and AT&T can actually be moved between the two carriers and I find the answers at https:\/\/www.apple.com\/iphone-6\/specs\/<\/a> and http:\/\/www.techwalls.com\/differences-between-iphone-6-6-plus-models\/<\/a>. Steve and I continue our adventure figuring out how to back up one Drobo with another. I mention the Belkin Thunderbolt dock from Amazon<\/a>, ResistorVision<\/a> to read resistor values, Chronosync backup software from Econ Technologies<\/a> and a hack to convince the Mac Mini that it has a monitor connected when it doesn’t<\/a>. In Chit Chat Across the Pond Bart breaks down the Shellshock vulnerability, and in Taming the Terminal Part 21 of n, we learn more about searching from the Terminal.<\/p>\n

http:\/\/media.blubrry.com\/nosillacast\/traffic.libsyn.com\/nosillacast\/NC_2014_09_28.mp3<\/a><\/audio>
\n\"itunes\"<\/a>
\nmp3 download<\/a>
\n
\nHi this is Allison Sheridan of the NosillaCast Mac Podcast, hosted at Podfeet.com, a technology geek podcast with an EVER so slight Macintosh bias. Today is Sunday September 28, 2014 and this is show number 490. <\/p>\n

Blog Posts<\/h3>\n

Weary of Trying to Defend Apple<\/a><\/h4>\n

Dumb Question Corner \u2013 Can AT&T and Verizon Phones Work on Each Others Network?<\/a><\/h4>\n

Backing up a Drobo \u2013 The Adventure Continues<\/a><\/h4>\n

Clarify<\/h3>\n

Hey that sounds like a great segue for an ad for Clarify! Like I said, I didn’t do the tutorial for anyone but me, but it’s amazing how often someone else finds one of these tutorials useful so I always share them no matter how arcane they are. I dropped in links to things like the Apple support article explaining how if you have an Airport device or an Apple TV, either one of them will just magically make your Macs wake up for you if you need them. I put in screenshots, blurred out usernames and passwords, drew boxes around buttons I should push next time and made myself little notes to explain why I set switches a certain way. It’s not a complex tutorial or even all that complicated to execute but I just hate having to figure out something a second time. <\/p>\n

If you’re forgetful or even just lazy (I’m both) grab yourself a copy of Clarify from clarify-it.com<\/a> and save yourself time and energy. Heck, you don’t even have to share your tutorials with anyone but yourself to get productivity out of Clarify.<\/p>\n

Chit Chat Across the Pond – Time 23:24<\/h3>\n

Security Medium – Shellshock<\/strong><\/p>\n

This week it emerged that there has been a nasty bug in BASH for years. Initially it was just ‘the BASH vulnerability’, but someone nicknamed it Shellshock, and it stuck, so that’s how the media are running with it now.<\/p>\n

The vulnerability is in how BASH handles environment variables, and the result of exploitation is code execution. While you might think the shell is not very exposed over the network, the problem is that lots of services utilise environment variables, and lots of Linux and Unix servers use BASH to handle environment variables (at least by default), so in reality remote code execution through stuff like web servers is actually as easy as sending a request to the server containing a carefully crafted HTTP header. Researchers have also found that some DHCP implementations (NOT Apple’s custom one) expose the vulnerability.<\/p>\n

A server bug allowing remote code execution is exactly what you need to get an internet worm going, and that’s exactly what is starting to happen in the wild. Researchers have already found botnets spreading themselves using this vulnerability.<\/p>\n

Most Unix and Linux distributions were quick to shift a patch, so sysadmins all around the world spent Wednesday night and Thursday patching like mad.<\/p>\n

Then it turned out the first patch didn’t really fix all of the problem, so a second patch had to be released – so all those overworked sysadmins got to do it again 24 hours later!<\/p>\n

The big problem is that not all things that use BASH have been patched:<\/p>\n