Skip to main content

Posts

Showing posts from October, 2014

Somebody is Conversnitching

Wouldn't it be interesting if you could put a listening device in a lamp so that you could hear what your buddy down the hall was saying, or listen in on a conversation from the team that your competing against. Well now you can, with this fun little gadget known as the Conversnitch. It is a listening device that lives in a light bulb. Once it grabs some audio it puts the string into a format that can be posted to Twitter in real-time. Hilarious right? 
It is constructed from little more than a Raspberry Pi miniature computer, a microphone, an LED and a plastic flower pot. It screws into and draws power from any standard bulb socket. Then it uploads captured audio via the nearest open Wi-Fi network to Amazon’s Mechanical Turk crowdsourcing platform, which McDonald and House pay small fees to transcribe the audio and post lines of conversation to Conversnitch’s Twitter account. Take a look at the video above and let me know what you think. I thought it was pretty entertaining myself…

Bash Bug aka 'ShellShock' & the 'AfterShock'

There is a critical vulnerability in the in the GNU Bourne Again Shell other wise known as Bash. The news was released on September 23, 2014, and has continued to evolve as the days go by in regards to severity of the ShellShock bug.

So ... What is ShellShock

Other than a cool looking cartoon character from the Marvel comic book series (see picture at right), ShellShock is a fundamental flaw in the Bourne Again Shell or Bash for short, which is used in many Linux, UNIX, and MacOS operating systems. The vulnerability allows attackers to execute specially crafted commands remotely through environmental variables when Bash is invoked. An environmental variables are a set of dynamic named values that can affect the way running processes will behave on a computer.

RedHat.com describes the bug as follows:
A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell c…