2572 posts • joined 12 Feb 2011
Since the government has full control of the internet, DNS, etc. as well as the ability to fake certificates it would easily be within their means to perform a MITM attack when Android owners connect to the Google Play store. Or, even easier, perform this attack (possibly via a complete takeover) using one of the Chinese app stores that people in China have come to trust. The idea that Android users in Hong Kong are safe if they avoid downloading apps from dodgy sources is a bit naive.
A device that's only capable of running signed apps may be limiting in some ways, but it prevents a lot of mischief that a state actor that possesses total control over the internet might possibly accomplish to get malware onto your phone.
Perhaps you should have read what I wrote, which didn't make any claims about the 1%, but about the "upper middle class". Unless you think the upper middle class extends to people with incomes not far from $1 million/yr, I was not talking about the 1%.
Anyone who says "Fact. (google it)" is full of shit. Fact. (google it)
Seriously, if you make a ridiculous claim you have to do your own research and post a link, not just tell us to do your research for you - you don't even give us the google search terms to arrive at whatever link you think proves whatever you're trying to claim.
You certainly can't be saying that real incomes in the US for the upper middle class have tripled in the past two decades. Sure, for the 1% they may have, but I wasn't talking about them - and that data is very misleading due to the fact that if you take the bottom 90% of the 1% their incomes haven't increased by even 50%. It is the 10% of the 1% (the 0.1%) that have seen massive increases that skew the numbers for the 1% taken as a whole.
Given that all of us reading this fall into that global 1%
Perhaps it would be more instructive to separate out the 1% of that 1% that can easily skew the income figures to see how we're REALLY doing. There are not many of them, but when some of them have seen their incomes go up by 10x or more in the past couple decades, that really skews the number for the rest of us.
On an individual basis we may have seen that 60% jump and more because presumably as you get older you acquire more skills / get promoted / etc., but taken on a whole, there's no way that the "upper middle class" in the US has seen a jump anywhere near that. It may not be 0%, but it is a lot closer to that than 60%, that's for damn sure.
Why Microsoft cares
Presumably they believe that phone makers have been discouraged from pursuing a mixed Android / WP strategy. One would assume the reason they think that is because they've been told so by OEMs "off the record", though it is possible such pressure was overstated to provide an excuse when they didn't want to sell Windows phones.
For those OEMs who also sell PC Windows products, maybe they feared Microsoft's response there - Microsoft better hope their nose is completely clean in that regard, as once the regulators start digging who knows what they might uncover!
Whether the near absence of Windows Phone products from vendors other than Nokia is due to Google pressure, rather than fear of Microsoft's close relationship with Nokia (before they bought them) or the general lack of market demand for Windows Phone, is something the EU will have to determine.
Where does it say that Apple was involved in this? It is probably in Apple's favor if Android OEMs are chafing against the restrictions Google places on them, rather than everyone being happy and all singing from the same Android hymn book as Google would like people to think.
Expecting the OEMs to willingly provide details of Google's bad behavior is unrealistic. The PC makers weren't willing to rat out Microsoft and Intel, because they knew there would be consequences. It is like the police trying to get business owners to rat out the mafia for hitting them up for protection money. If the business owners think the mafia will kill them for talking, nothing the police can do will get them to talk.
They'll only cooperate with this probe if the punishment from the EU (1% of annual turnover for five years) is seen as worse than the damage that Google could do to their business if they retaliated. That's why such a large punishment is being dangled over their heads.
They almost certainly will
Assuming this move makes Paypal truly independent, and eBay or its major shareholders don't retain a significant portion of shares, eBay has no reason to maintain an exclusive relationship with Paypal in the long run. They won't give any hints about this because they know it would damage the value of Paypal. Instead Paypal will talk about how it will be able to expand its markets since it won't be seen as being for eBay only, etc.
I think Paypal may be very interesting to me a few months after IPO when it starts trading LEAPS, buying some puts for the January after next when that happens could become highly profitable as the value of Paypal will crash once eBay opens itself up to other payment methods.
Apple Pay, along with Google Wallet once it also supports EMV, may become a preferred payment method online within the next few years. I think eBay is dumping Paypal now because they know it will never be worth as much in 2017 as it is worth today.
Getting rid of spammers should be easy for them
In order to get in, you have to be invited by someone else. If you invite more than one or two spammers (in case friends' accounts get hacked), your invite could be suspended. If you invite half a dozen or more spammers, not only do you get suspended but everyone you invited (and those they invited, and so on) would get suspended.
That sort of policy would make it pretty difficult for spammers to get a foothold.
You could make yourself more resistant to "accidental" suspension by having others "stand up" for you as a real non-spamming person, i.e. reputation-based: the higher your reputation, the higher the bar for your account getting suspended for inviting spammers.
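As an added example, not code from the post or from Ello: the invite-tree policy described above, modelled in Python. Each account records who invited it; flagging a spammer re-evaluates the inviter against a soft threshold (suspend the inviter) and a hard threshold (suspend the inviter and the whole subtree of accounts they invited). The reputation rule, that every vouch from a standing account raises both thresholds by one, and the threshold values themselves are assumptions; the post only says "one or two" and "half a dozen".

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Assumed policy parameters: the post gives rough figures, so treat these as tunable.
SOFT_LIMIT = 2   # more than this many flagged invitees: the inviter is suspended
HARD_LIMIT = 6   # at least this many: the inviter and everyone downstream are suspended


@dataclass
class Account:
    name: str
    invited_by: Optional[str]
    reputation: int = 0                       # vouches from other standing accounts
    invitees: List[str] = field(default_factory=list)
    spammer: bool = False
    suspended: bool = False


class InviteTree:
    def __init__(self, root: str) -> None:
        # The root is the service itself (or its founders), invited by nobody.
        self.accounts: Dict[str, Account] = {root: Account(root, None)}

    def invite(self, inviter: str, newcomer: str) -> None:
        host = self.accounts[inviter]
        if host.suspended:
            raise PermissionError(f"{inviter} is suspended and cannot invite")
        self.accounts[newcomer] = Account(newcomer, invited_by=inviter)
        host.invitees.append(newcomer)

    def vouch(self, voucher: str, target: str) -> None:
        """A standing (non-suspended) account vouches that target is a real person."""
        if voucher != target and not self.accounts[voucher].suspended:
            self.accounts[target].reputation += 1

    def mark_spammer(self, name: str) -> List[str]:
        """Flag an account as a spammer; returns every account suspended as a result."""
        acct = self.accounts[name]
        acct.spammer = True
        acct.suspended = True
        return self._review_inviter(acct.invited_by)

    def _review_inviter(self, inviter: Optional[str]) -> List[str]:
        """Apply the thresholds to whoever invited the flagged spammer.
        Reputation raises the bar: each vouch buys one extra tolerated spammer."""
        if inviter is None:
            return []
        host = self.accounts[inviter]
        bad = sum(1 for n in host.invitees if self.accounts[n].spammer)
        if bad >= HARD_LIMIT + host.reputation:
            return self._suspend_subtree(inviter)
        if bad > SOFT_LIMIT + host.reputation and not host.suspended:
            host.suspended = True
            return [inviter]
        return []

    def _suspend_subtree(self, name: str) -> List[str]:
        """Cascade: suspend name and every account reachable through its invites."""
        hit: List[str] = []
        stack = [name]
        while stack:
            cur = self.accounts[stack.pop()]
            cur.suspended = True
            hit.append(cur.name)
            stack.extend(cur.invitees)
        return hit


if __name__ == "__main__":
    # Constructed scenario: alice invites seven spammers and one real friend.
    tree = InviteTree("ello")
    tree.invite("ello", "alice")
    for i in range(7):
        tree.invite("alice", f"spam{i}")
    tree.invite("alice", "bob")
    tree.invite("bob", "carol")
    for i in range(7):
        print(f"flag spam{i} ->", tree.mark_spammer(f"spam{i}"))
```

The cascade is deliberately returned as a list rather than applied silently, so a moderation tool can show an operator exactly who is about to lose access before the subtree suspension is committed.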
I'd agree to that if I actually read the thing
Knowing that a clause requiring me to give up my firstborn would be unenforceable, I wouldn't worry about it. I'd worry much more if I gave my assent to receiving marketing surveys because that's something I know would be enforceable!
"Price Apple would have charged a non-Apple subsidiary"
So if finished phones were being transferred, the wholesale price they charge vendors - which, for Apple, is very high as a percentage of the retail price.
If IP was being transferred, a high price would also be appropriate as recent court cases against Samsung have shown that Apple assigns a very high price to its IP based on the amount per phone they felt was appropriate for just a few design patents.
Because of this, it might be difficult to prove Apple got a special deal even if its transfer pricing is significantly higher than the competition. While many will say that Apple's prices are too high and they have made ridiculous demands for licensing their patents, if the issue isn't whether those prices are impartially (somehow?) judged to be too high, but rather whether the prices are in line with what Apple would charge a non-Apple subsidiary, Apple may be in the clear.
Are these vendors working together at all on bash patches?
Because, based on the patch-of-the-day club at Red Hat (on version #3 and counting...), Apple having a patch that the poster above claims only addresses some of the flaws, and others having patches for some of their products but not others, it seems like everyone's security team is coming up with its own fixes for bash that only incrementally address the issues.
Hopefully at some point someone will have a patch that actually fixes the flaw 100% (without adding new vulnerabilities) and everyone else will copy those changes into their version. Apparently no one wants to work together because they don't want that cooperation to delay their fixes, but it is worse to put out patches that only partially address the issue than it is to be kept waiting for a complete fix.
Sounds like OS X will need at least one more cycle if this isn't a complete fix, and Red Hat has already had three and there's no reason to believe that's it, so given these two examples that's probably going to be par for the course for everyone. Sounds like a really shitty week to be a sysadmin, sure am glad I'm not!
Re: Smartphones run for days, no need for "ancient Nokia" for better standby time
So maybe Samsung should make wall hugger commercials about their own customers if they have such shitty standby life.
If you don't believe me, you can do this experiment yourself for free if you want: Go buy an unlocked iPhone (5 or 6, doesn't matter) and charge it up all the way, toss in a disposable SIM and let it sit for 24 hours and see what the battery life is. Then return it for a full refund - Apple lets you return for any reason within 14 days or something like that. This experiment costs you nothing but your own time.
Not saying you should buy your gran an iPhone to get decent standby time, but just because your particular Android phone has absolutely horrid battery life doesn't mean they all do, and certainly doesn't mean that iPhones do.
Smartphones run for days, no need for "ancient Nokia" for better standby time
The reason most of us find a smartphone needs a nightly charge is because we use them all the time, and for much more than just calling. If the ancient Nokia lasts for days, the smartphone would too, because they last a long time in standby. Go look at the specs for standby time on what you have; you might think it is fantasy but it is "standby" time, i.e. you aren't touching it at all (and it assumes a strong cellular signal; if you have only a couple bars at home you'll do worse, naturally).
This was brought home for me a few weeks back when I accidentally left my phone at home on a Saturday when I was with friends from 7:30 AM until past midnight. When I returned I found my iPhone 5 sitting on the edge of the bed where I'd left it, with a 93% charge. Along with a couple missed calls and nearly 300 messages (the bulk from my friends teasing me about forgetting my phone...probably shouldn't have told them!)
Re: Jurisdiction shopping
It is a bad thing when it transfers commercial property taxes to residential, and large businesses transfer property taxes to small businesses.
When O2 offers you a cheaper mobile tariff, the money they lose giving you a discount doesn't have to be involuntarily made up by someone else. So no, it isn't the same thing at all.
This is a problem anytime you have different governmental bodies competing for tax revenue. It becomes a race to the bottom as undercutting what the "other guys" charge is worth it if you can get enough extra to make up what you lose from who you already have.
You even see this down to the local level. Not long ago where I live a large department store was induced to move from the mall in the town where I live to a new development in a suburb. It moved about 5 miles and got $15 million in property tax breaks to do so. It was worth it for the suburb, as even with the tax break they're getting a lot of tax revenue they wouldn't otherwise. Of course, next time my town might give a tax break to get someone to move from the suburb, and if it continues this behavior will destroy the large commercial tax base in both places and put more of the burden on residential property taxes - I'm certainly not seeing any offers for tax breaks if I build a house in the suburb and move there!
That's the problem with this - only the big boys can play. A small business, if even able to take advantage of the tax break Apple/Google/Microsoft/Intel/etc. do in Ireland, couldn't afford the overhead of accounting and legal expenses to make sure they're moving all the money around in the right ways and complying with any little changes in the law in Ireland or other EU countries.
The only solution is a government larger than the competing governments stepping in to prevent this. If my state government made a law banning this type of inducement, there wouldn't be a war of attrition that reduces the commercial tax base and favors larger businesses over smaller ones that won't receive such inducements. If the EU banned the type of arrangement Apple et al have they'd prevent the possibility of another country coming along and undercutting Ireland's deal by providing them even lower taxes elsewhere.
On a nation versus nation standpoint, where there is no larger government, such as for instance USA vs Japan vs China, you have to hope market forces work because that's all you have to rely on. Where the market fails (and while Randians refuse to acknowledge the possibility, markets do indeed fail where there is not a truly level playing field, which is more often than not the case) you have to hope the outcome isn't too suboptimal.
Re: Is it even relevant?
They've actually paid billions to Ireland, because "hardly anything" of the many billions they've made over the years (especially in recent years) adds up to real money.
The reason Ireland did this in the first place was to attract just this sort of trade in companies running their taxes through Ireland. Better to take a small bite of something than a large bite of nothing.
That's a great idea in theory, but how are you going to decide what "lots" is, and what a fair transfer price should be?
If it was that simple, it would have been done that way when the EU was formed. But different countries have different costs for labor, energy, production/importation of raw materials, etc. so it was never going to be as cut and dried as you seem to wish it would be.
Re: This is why there was no Win7 SP2
Given the percentage of the Windows user base likely to be Windows 7 from now until 2020, do you really think any drive maker would abandon a market of that size? I wouldn't expect to see 512e drives go away until after Windows 7 is out of support in 2020.
This is why there was no Win7 SP2
They could see the writing on the wall with Windows 8 so they delayed and then dropped plans for SP2, because it would restart the clock on Windows 7's life. This way they can dump it in 2020, instead of 2021 or 2022.
They will be about ready to introduce Windows 11 in 2020, so probably Windows 10 will see most of the upgrade action in the year or two leading up to that date. Otherwise, there is exactly ZERO reason for any corporation on Windows 7 today to update to Windows 9. That is a ton of work with no tangible benefit. Few care about running Metro apps, on the desktop or otherwise.
There's really nothing they can do to change that, as Windows 7 is stable enough, secure enough, and supports 64 bits and SSDs well. The only thing it doesn't support is touch, which as predicted turned out to be something few people care about in a laptop and no one cares about in a desktop.
Re: Separate Browsers
I don't use FB on a browser at all, only the mobile app on iOS. Good luck trying to get any browsing or searching information off me! The downside of using the app is that I can't block the ads... sorry, sponsored content spam, but it is easy enough to scroll on by. For now...
Re: "with up to a greater than 90 per cent success rate in data recovery"
This is a great deal for them, they'll induce paranoid people to pay for something they don't need, and the non-committal on recovery means they can limit the amount of effort they put into it to whatever the "insurance" costs. Pay $100, they'll spend a few hours trying to get data off; if it takes longer than that they'll tell you "sorry".
Besides, who the hell needs data recovery of surveillance drives? What are the odds a drive fails just as someone breaks in?
" instantaneous response to changing conditions is required, such as lighting management"
WTF? How does lighting management need to be "instantaneous"? The lights are for the benefit of humans, who can't perceive a reaction delay of a couple milliseconds, let alone microseconds!
Why is the HTC "not comparable"? CR tests show it is more bendy than any other phone they tested, and users experienced actual bending of it months ago (google "m8 bent"). You just decided it wasn't comparable because it ruins your crazy idea that Apple is at fault and everyone else with the same issue is excused because they aren't Apple.
So somehow "Apple dropped the ball", not HTC despite also selling a bendy phone for months. The iPhone 6 is not "notorious for bending in people's pockets". There are a few scattered reports that received an undue amount of attention because it was Apple, while the same scattered reports for the M8 received no press attention whatsoever. Plus one guy made a video of bending it by hand that was later demonstrated to be faked (hint: look at the time on the phone throughout the video)
There's a lot of "give" in the typical ass, so it isn't like the CR test
However, I personally wouldn't sit on ANY phone, no matter how much strain they were able to take, because there's no possible upside to doing so and the downside is picking pieces of glass out of your ass.
In that scenario, a bent phone is the least of your problems while you're sitting... er, standing in the ER waiting to have stitches in your ass cheek!
Re: Am I the only one who sees an issue here?
The question isn't whether it takes less pocket force to bend an iPhone 6, it is how likely the amount of pocket force it takes to bend an iPhone 6 is to occur.
Maybe someone needs to outfit a strain gauge of the correct form factor and test it in various pockets of various people and see what sort of stresses are typical. If 0% of people have pocket stress sufficient to bend the iPhone 5, and 0.001% of people have pocket stress sufficient to bend the iPhone 6, it is a problem for those 0.001% of people, but not for the rest of us.
Re: Agreement of Consumers test with Famous Mc / I Formula
Why are you assuming that the Note 3/Note 4's bending resistance is the target that Apple should have targeted? If another phone is tested and found to withstand 300 lbs of force, would you say Samsung was in the wrong for not having designed their phones twice as strong?
Re: This story does not support the "nothing to see here" argument
Why does that mean Apple has fucked up? Is the Note 3 the minimum standard of durability that all phones should attain? If it is 2-3x more durable than is necessary, being 60% of its durability is no problem.
If Apple has fucked up, then by your logic HTC has fucked up even more, right? So where's your hatred for them?
"Inevitable recall"? Really?
So where's HTC's recall of the even more bendable M8, which has been known about for months now? Google "bent m8" to see the thread on Android forums.
Are they even the right model for China?
Not all models support TD-SCDMA and TD-LTE required on China Mobile's network, the rest (and all versions other than the 5S model sold for China Mobile's network starting at the beginning of this year) only work on Edge.
Probably China Mobile customers are wise to this fact and wait to ensure they get the right model. The ones that are being sold are for customers of the other two (much smaller) carriers; the China Mobile subscribers await the model that supports their carrier's networks.
Also, 6s are probably in less demand than 6 Plus there, the Chinese really like the large phones. A friend who lives there tells me 6" - 7" phones are all the rage with twenty somethings, the bigger the better; even the 6 Plus and Note 4 may be too small for some of them!
As for importers making "only" $150 on each phone....I know I left my tiny violin laying around here somewhere...
Re: Because the flaws were very different
I've noticed it is very difficult to collect dozens of upvotes without one or two random downvotes, even for something that is totally uncontroversial and useful like that post. Some people just hate success I guess, and feel better about themselves by swimming against the tide via downvoting something any right-thinking person knows deserves an upvote (or at worst, the lack of an upvote).
If someone had a legitimate issue with the content, anyone taking the time to downvote it would have taken the extra 30 seconds to add a one line post with the correction.
Re: I would prefer convenience at the cost of a few deaths
Of all the changes since 9/11, the only one that will actually prevent 9/11 style attacks is reinforcement of cockpit doors. Searching people for box cutters is pointless, I can sharpen the edge of a credit card for a "knife" just as deadly.
Everything else is just reactive. Someone tried to make a shoe bomb, let's make everyone remove their shoes. Someone tried to make an underwear bomb, let's have scanners that can see inside their underwear. Then, oh wait, people don't like that, let's scrap all these machines we spent billions on for these others that just show us as stick figures. Too bad I wasn't in the security industry so I could have gotten in on this giant gravy train.
I really want to see someone try to blow up a plane with a bomb sewn inside their body, to see what ridiculous response they come up with for that.
Re: Very poor system design!
How is it poor system design? People leaving and boarding flights share the same concourse. There is a path for them to exit the concourse into the main area of the airport outside the security perimeter. How exactly do you propose to construct a path that allows people to exit the concourse that doesn't also allow people to enter it?
Short of making it more inconvenient for everyone by having turnstiles, or automatic doors that only open from one direction (which still isn't foolproof if someone isn't paying attention and sees the door open in front of them because someone happened to be coming from the other direction at the same time) it is entirely down to signage, and having some sort of security watching.
In the smaller airport near where I live, there is a hallway about 40 feet wide leading to the concourses. The security is on one side, people who have arrived are exiting the concourse on the other. There is nothing stopping me from walking through that way and bypassing security, other than the TSA drones in the security lane watching. If there was some commotion in the security line that distracted everyone for a moment, I wouldn't be surprised if I could sneak on by.
They probably have someone watching on CCTV, but that assumes he's really paying attention and not looking at another camera to see what the commotion in the line is, or updating Facebook when he's supposed to be working. If he is, I don't feel one whit less safe when flying, because I'm not a moron and know the odds of dying as a result of terrorism are far less than me dying in a car crash on the way to the airport, or slipping in the concourse bathroom and breaking my neck because I didn't read the "wet floor" sign.
Re: Spin, spin, spin
The "spin" here is from the raving loony Apple haters who happily seize on any flaw, even one that affects a tiny minority, and claim there should be recalls, Apple is terrible, etc.
Google "bent m8" and read the forums, and tell me why HTC didn't recall the M8 if reports of bent phones are enough to convince you that it is necessary and the vendor is in the wrong if they don't.
Re: Apple are bloody delusional:
If you buy from Apple you have 14 days (or maybe it is 28) to return the product for a full refund for any reason. So anyone who had a phone bend in the first few days, or first couple weeks, can exercise that option and tell them that's why they're returning it.
I'd rather buy from them because returns would be much less of a hassle then dealing with retailers who often have restocking fees for electronic items (at least they do in the US)
Re: OK, it's very rare (@captain veg)
If you google "bent m8" you can see there was some discussion about this in Android forums earlier this year. I didn't hear anything in the press about it, but all the attention Apple gets around product launches (which a lot of fandroids hate) is a double edged sword, they also get much more attention around issues like this even if they affect only a small number of people.
Re: "cites disproving the existence of God"
It doesn't matter whether religions are "resistant to such attacks" or not, it is impossible to disprove the existence of God. Anyone at all aware of the scientific method would know it is impossible to disprove.
From that alone I conclude this movie doesn't have any more of a scientific basis than anything else out there. It is purely entertainment, targeted at a general audience but in particular I'll bet designed to appeal to creationists, given their constant reliance on the idea that the eye is something that couldn't have evolved naturally. That's why it is open-ended, so they can feel it confirms their beliefs while not looking stupid to the more intelligent people in the US (not to mention the rest of the world) who know creation "science" isn't.
Creationists continue to incorrectly believe the fallacy that the eye couldn't have evolved, notwithstanding the fact it has done so at least seven times, and the human eye is far from the best design in the animal kingdom. Our blind spots alone (due to poor wiring) are a mistake no intelligent designer would make. If God did that, he's unworthy of the title and should step down and call for a new election.
Need vs want
Too true, I'm not saying no one should be allowed to get gigabit because no one needs it. I'm saying no one should be bent out of shape if some people are only able to attain 100 Mbps where they live instead of a gigabit. It won't handicap their ability to do anything the gigabitters can do.
Anyway, until the internet undergoes some massive upgrades it won't matter because I find even on my piddly 25 Mbps connection (which I could have upgraded six years ago but have chosen not to) the speed limit is set by limitations "out there", hardly ever by the speed of my link.
Since I have VDSL2 and a good ISP, I always get that speed - a lot of people think they need faster because they have a crappy ISP, or cable modems that have a faster speed initially that slows down for longer downloads, and their performance depends on how many of their neighbors are streaming Netflix or using bittorrent.
No you couldn't, the latency would be longer - perhaps significantly longer if your ISP doesn't directly peer with your work's ISP.
Besides, if you could access the servers at work at the same speed as you could while in the office, what does that do for you that accessing them at 100 Mb couldn't? How would that impact your ability to do your job?
I enjoy the irreverent swipes too, but I do expect the articles to at least be factually accurate. Don't care who it is, even Microsoft, if they make statements that aren't true it devalues them as a news outlet and turns them into more of an entertainment outlet.
I'd prefer to be able to rely on them for both at the same time. That's why I come here instead of visiting a news site and an entertainment site separately.
Re: Battery Life?
There is a tiny percentage of people who are or claim to be affected by this with EVERY iOS update. If you won't upgrade until you hear zero problem reports, you'll never perform another software upgrade on anything you own ever again.
"Key features disabled"?
Other than Health Kit, what else was disabled? Nothing? Oh, I see, so it had the typical El Reg slant added then.
While you might have wanted to go out of your way to slant things against Apple if everything was going their way, given the issues they've had the last few weeks it just makes you look stupid when you make stuff up to try to make it sound worse than it was.
Do they even have Russian market share?
Russia already has its own thriving social network, so I doubt it is going to matter all that much to Facebook and Twitter. Nobody in any country uses Google+, so I guess with them they're talking about blogger?
Re: True mission objective
Now you know why Bush and Obama have been keen to talk about going to Mars - they're both avid golfers.
They could save a lot of money by playing Connemara instead. These pictures from Mars remind me of the rocky landscape on that course!
Re: Apparently some people don't understand US securities laws
If you argue that, then no insider should ever be allowed to buy/sell a single share, because they always know what is in the pipeline, or when nothing is in the pipeline, when things are good or bad. The SEC watches these transactions pretty closely; if a CEO who never sells his shares suddenly unloaded half of them a couple months before an expected product turned out to be delayed due to manufacturing difficulties, or he mortgaged everything he owns to buy a bunch of shares shortly before releasing a flying car, they'd pounce on him.
Cook is selling shares because Apple granted him 1 million shares vesting in pieces over 10 years, which is now 7 million shares after the split. Plus he already had quite a few shares prior to that from the years he worked for Apple. I haven't looked it up, but like many large holders he probably has regular planned sales to diversify his wealth as well as have some cash for doing stuff like buying houses, giving to charity, blowing it on a long drunken weekend in Vegas, or whatever.
Apparently some people don't understand US securities laws
Those who are designated as insiders, like CEOs and other higher ups, have restricted windows in which trading is permitted - well away from earnings announcements. The planned trades have to be registered with the SEC in advance (date(s) and quantity) and the sale or purchase of the stock is conducted at market price.
They would have had no idea about celebgate, bendgate, iOS 8.0.1 getting pulled, the number of sales of iPhones sold, etc. If something had happened which severely dropped stock prices, like another 9/11 style attack on NYC, all stocks would have dropped like a rock including Apple and they would have wished they hadn't sold, etc.
If the Reg wrote articles about Google's insider stock trades, you'd find Larry Page sold nearly 100 million shares of Google worth over half a billion dollars between Sept 8 and Sept 12 (you can find this at Yahoo Finance or any other site that provides stock info). If the logic applied by some commenters was used there, they'd claim he was selling out because he was afraid iPhone 6 would cause Google's stock to tank - indeed it has dropped 20 bucks in the past week since iPhone 6 started shipping. I'm sure that's just a coincidence, but if you have an agenda, a coincidence will become cause and effect in your comments!
Finally, a use for all those fart apps!
Do they have any that you can put on repeat? That way I don't have to keep hitting a button, I can just set my phone on the tray in front of me with the volume at maximum, on the side next to the gabber of course, while I repeatedly high five the passengers in front of and behind me until he gets frustrated and hangs up.
Re: Google's core business is consumer data-processing
Exactly. The data processing, including stuff like gathering and providing search results, handling user emails, collecting and displaying map results, and so on, is simply the "cost of goods sold" taken against the revenue of ad sales.
I suppose in this case it is better than the alternative
Since the movie studios would otherwise be flying helicopters which are noisier and cause more damage if they crash.
That's not the case for filling the skies with package delivery drones. They wouldn't be displacing helicopters, they'd be displacing guys on bikes.
Re: A Difference
Why would you leave yourself vulnerable if apps you don't use aren't updated? You can have an unpatched copy of IE 6 on a Windows PC but it doesn't leave you vulnerable to anything unless you use it.
This is getting overblown
People are conflating this with problems this does not create. The circumstances are limited. The outside world has to provide some unchecked/unvalidated content that's being stuffed into environment variables that are passed to bash to set.
This just isn't happening in very many places. When worms are created they'll find a specific instance, like some standard CGI script that is used on a lot of sites, and attack just that one thing. The SSH "issue" is a red herring since I've never seen anyone using ForceCommand except for internal-sftp which since you're running in a chroot environment has no bash available. The DHCP issue is a different one, people would be setting up rogue DHCP servers hoping to catch those using a BSD DHCP client (Macs and iPhones) if those are even vulnerable to an attack using DHCP - I don't think anyone has said they are vulnerable, only that it is possible since they use BSD DHCP client. It could only happen if you tried to connect to a DHCP server run by someone who is trying to attack BSD DHCP clients.
Beyond this, while I'm sure there are plenty of home grown things that would be vulnerable to this, home grown stuff doing THIS with a bash shell will have a ton of vulnerabilities so adding this one doesn't matter. You can't craft an automated attack against this, you have to know what is going on at the other end.
Basically, if you aren't using CGI at all, or at least are sure you aren't using it to pass untrusted data via environment variables, you don't really need to worry about outside attack at this time. Maybe more examples will be forthcoming. Not saying you shouldn't patch, but the sky isn't falling. If you have a Mac or iPhone, until it is certain that the BSD DHCP client can't be tricked into passing environment to the shell or you have patches that fix this, don't connect to random wifi hotspots.
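As an added example, my own code rather than anything from the post or any vendor's patch: the hop the commenter is describing, untrusted request bytes being copied verbatim into environment variables for a CGI handler, modelled in Python, plus a triage check that flags header values with the exported-function shape ("() {" at the start of the value) and reports whether the request actually lands on a CGI path. The sample requests, the example.test host and the /cgi-bin/ prefix are constructed assumptions; a hit on "reaches_cgi" is necessary but not sufficient for exploitation, since the script (or something it spawns) still has to be bash for the environment to be imported.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample requests (not from the page or any real capture): a benign
# request to a CGI script, the same script hit with a header of the function-export
# shape, and that shape sent to a static page where no CGI environment is built.
SAMPLE_REQUESTS = [
    "GET /cgi-bin/status.sh HTTP/1.1\r\nHost: example.test\r\n"
    "User-Agent: Mozilla/5.0\r\n\r\n",
    "GET /cgi-bin/status.sh HTTP/1.1\r\nHost: example.test\r\n"
    "User-Agent: () { :; }; /bin/true\r\n\r\n",
    "GET /index.html HTTP/1.1\r\nHost: example.test\r\n"
    "Referer: () { :; }; /bin/true\r\n\r\n",
]

# An exported bash function in the environment is a value that starts with "() {".
# Unpatched bash parsed such values at startup and kept executing whatever followed
# the closing brace, so matching the prefix is enough to spot attempts in headers,
# query strings or anything else a gateway turns into an environment variable.
SHELLSHOCK_RE = re.compile(r"^\s*\(\)\s*\{")


def parse_request(raw: str) -> Tuple[str, str, Dict[str, str]]:
    """Minimal HTTP/1.x request-line and header parser (bodies are ignored)."""
    head, _, _body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers


def cgi_environment(method: str, path: str, headers: Dict[str, str]) -> Dict[str, str]:
    """Build the environment a CGI/1.1 gateway hands to the script (RFC 3875):
    every request header becomes HTTP_<NAME>, uppercased, with '-' -> '_'.
    The gateway copies the value verbatim; this is where attacker-controlled
    bytes land in bash's environment without any validation."""
    env = {
        "GATEWAY_INTERFACE": "CGI/1.1",
        "REQUEST_METHOD": method,
        "SCRIPT_NAME": path,
    }
    for name, value in headers.items():
        env["HTTP_" + name.upper().replace("-", "_")] = value
    return env


def is_cgi_path(path: str) -> bool:
    # Assumption for the example: scripts live under /cgi-bin/, the stock Apache
    # ScriptAlias layout. Adjust to the server actually being reviewed.
    return path.startswith("/cgi-bin/")


def tainted_vars(env: Dict[str, str]) -> List[str]:
    """Names of environment variables whose value has the function-export shape."""
    return sorted(name for name, value in env.items() if SHELLSHOCK_RE.match(value))


def triage(raw: str) -> Dict[str, object]:
    """Report payload-shaped variables and whether the request reaches a CGI handler.
    'reaches_cgi' is necessary, not sufficient: the handler (or a child it spawns
    through system()/popen()) must still be bash for the value to be imported."""
    method, path, headers = parse_request(raw)
    env = cgi_environment(method, path, headers)
    hits = tainted_vars(env)
    return {
        "path": path,
        "tainted": hits,
        "reaches_cgi": bool(hits) and is_cgi_path(path),
    }


if __name__ == "__main__":
    for raw in SAMPLE_REQUESTS:
        print(triage(raw))
```

Run over web server access logs or a request capture, the same triage separates noise (scanners spraying the payload at every URL) from the requests that hit an actual CGI endpoint, which are the ones worth checking against the server's process list and the installed bash version.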