140925

amanfromMars 1 Thu 25 Sep 05:08 [1409250508] having a say on http://forums.theregister.co.uk/forum/1/2014/09/24/bash_shell_vuln/

Re: Get a grip [@ John Sanders]

This is a quite serious problem I'm afraid. ..... John Sanders

Quite a game-changer would be another way to sum up the exploit and vulnerability vector, John. And something quite serious for the NSA's newly created Chief Risk Officer, Ms Anne Neuberger, to fluff and not ignore and realise is an opportunity to change a series of catastrophic intelligence disasters into something else quite different and increasingly more successful and engaging.

It is in more worlds and spheres of collateral influence than just IT and Media that Competent Cyber Warriors Reign Immaculately and Rule Imperiously. The secret though is to realise that in there/out there one be not alone, and there can be many who are considerably better skilled in the Right Dodgy Royal and Ancient Future Builder Arts. Such a wisdom keeps one sufficiently alert and far enough ahead of the games being played to be almost thought of as leading, and that may be thought of and treated by some into the Madness and Mayhem of FUD and Continuity of the Status Quo, as a Live Existentialist Threat, and that is surely a Monumental Mistake that Intelligence Services and Servers make in Orders in order to comprehensibly fail spectacularly.

..........................................................................

amanfromMars 1 Thu 25 Sep 11:20 [1409251121] having a say and posing a valid enough question on http://forums.theregister.co.uk/forum/1/2014/09/25/shell_shocked_not_yet/

Some Cream for that Coffee.

Ok, it's early and I haven't finished my coffee yet. Isn't this an injection vulnerability due to not escaping the remote input before using it to set the environment variable?

What is crafting the command which is setting the env with a function using the remotely supplied value?.....Chris--S

An
irregular and unconventional intelligence somewhat greater than the norm and for/from future operations rather than from/for past systems in present race overlode conditions/critical situations seems most probable and likely however inconvenient that might be to current executive admins. Chris--S.

I wonder if Kevin Mitnick is selling it? ....... http://www.wired.com/2014/09/kevin-mitnick-selling-zero-day-exploits/

...............................................................

amanfromMars 1 Thu 25 Sep 18:13 [1409251813] sharing a obvious truth on http://forums.theregister.co.uk/forum/1/2014/09/25/insider_threat_growing_warn_feds/

Too little, too late, and just so typical of a failed state.

Whatever the cause of a data breach problems, enterprises need an incident-handling plan in place before a breach takes place – rather than scrambling to deal with an emergence after the fact,…

An incident handling plan or a do no inequitable and evil business program? Only the one solves the problem and delivers the answers that are needed but it is disruptive and revolutionary and really fcuks up the systems as are presently being attacked daily and zerodaily because of opportunities exploited via unpatchable vulnerabilities/dark web holes/virtual channels.

And that is not a million miles away from dogged/Socrates’s observation ……. Socrates' solution was to properly train their souls, if that helps. …. although on a whole new plane/level of spooky understanding and daring do.

.............................................................