Shellshock (CVE-2014-6271)

Shellshock (CVE-2014-6271)

This is probably is worst than the Heartbleed vulnerability and you will need to update everything based on Bash.

To test if your Bash is vulnerable execute the following code:

$ env x='() { :;}; echo vulnerable' bash -c 'echo this is a test'
vulnerable
this is a test
The word “vulnerable” on the second line indicates the system is vulnerable.

Output after initial patch:

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
The absence of the word “vulnerable” indicates bash did not execute the “echo vulnerable” command as part of setting the environment variable x, demonstrating the vulnerability is not present.

More info soon

How to delete the LSOs or Flash Cookies, The fast way

Local shared objects (LSOs) or Flash cookies are used by all versions of Flash Player and while websites use these cookies for storing preferences, there have been privacy concerns regarding these objects, and they may be considered a breach of browser security.

These cookies are the most permanent cookies ever.
I simple don’t like it so I delete them daily

To check what you have, press the Windows Key + R and type CMD to open the windows console, an type this command.

DIR %APPDATA%\Macromedia /s /a:-D /b

This is what I have…

Add these two lines into a txt file and change the extension as a .bat (Batch) later you can execute the file just double clicking to delete the LSO, or to include in an automatic Schedule Task.

DEL /F /Q /S "%APPDATA%\Macromedia\*.*"
RMDIR "%APPDATA%\Macromedia\Flash Player" /s /q

While I was Investigating more about LSO and privacy I found an interesting entry in Wikipedia about EverCookie that is a Javascript App to create a Zombie cookie to generate a persistent ID that inclusive the NSA (in a leaked document) suggests to track TOR users.

I am checking the EverCookie Project…