read the question carefuly before you bid on it

Oct 5th, 2014
KateS
Category:
Computer Science
Price: $10 USD

Question description

When SANS has three lead articles on one topic, you know it is a BIG deal.  Read one of the articles below and write a paragraph summarizing it.  The third item is of particular interest as we are discussing program development controls and their impact on secure/trusted software this week.
TOP OF THE NEWS
Bash Shellshock Flaw (September 25, 2014)

A serious flaw in a software component called Bash is said to be more serious that the Heartbleed vulnerability that was disclosed earlier this year. The flaw, which is being called Shellshock, can be exploited to remotely take control of vulnerable systems. It affects an estimated 500 million UNIX and LINUX machines. Bash, or the GNU Bourne Again Shell, is a command prompt on many Unix systems. The US Computer Emergency Response Team (US-CERT) has issued a warning and is urging admins to patch the flaw. Others have expressed concern that the patches that have been made available are incomplete. -http://www.bbc.com/news/technology-29361794 -http://www.csmonitor.com/Innovation/Latest-News-Wires/2014/0925/Cybersecurity-Wh at-is-the-Bash-Shellshock-bug -http://krebsonsecurity.com/2014/09/shellshock-bug-spells-trouble-for-web-securit y/ -http://arstechnica.com/security/2014/09/concern-over-bash-vulnerability-grows-as -exploit-reported-in-the-wild/ -https://www.us-cert.gov/ncas/current-activity/2014/09/24/Bourne-Again-Shell-Bash -Remote-Code-Execution-Vulnerability [Editor Comment (Northcutt): The advice they  are giving us at SANS is be careful about any unusual attachments. That's always a smart idea. ]

Shellshock Flaw is Being Actively Exploited (September 25, 2014)

There are reports that attackers have already begun exploiting this flaw to infect vulnerable servers around the world. -http://www.eweek.com/security/linux-malware-uses-shellshock-flaw-to-infiltrate-w eb-servers.html -http://www.zdnet.com/first-attacks-using-shellshock-bash-bug-discovered-70000340 44/ -http://www.wired.com/2014/09/hackers-already-using-shellshock-bug-create-botnets -ddos-attacks/

Shellshock May Further Marginalize Open Source Software (September 25, 2014)

http://www.nytimes.com/2014/09/26/technology/security-experts-expect-shellshock- software-bug-to-be-significant.html?ref=technology&_r=0Nicole Perlroth's article in the New York Times tells the story of how Bash and its flaw came to be. The most impactful paragraph in her story may be the final one, where she wrote, 'The mantra of open source was perhaps best articulated by Eric S. Raymond, one of the elders of the open-source movement, who wrote in 1997 that "given enough eyeballs, all bugs are shallow." But, in this case, Steven M. Bellovin, a computer science professor at Columbia University, said, those eyeballs are more consumed with new features than quality. "Quality takes work, design, review and testing and those are not nearly as much fun as coding," Mr. Bellovin said. "If the open-source community does not develop those skills, it's going to fall further behind in the quality race."' -

Source - http://www.sans.org/newsletters/newsbites/newsbites.php?vol=16&issue=77


Tutor Answer

(Top Tutor) Daniel C.
(997)
School: Duke University
PREMIUM TUTOR

Studypool has helped 1,244,100 students

8 Reviews


Summary
Quality
Communication
On Time
Value
Five Star Tutor
Dec 5th, 2016
" Outstanding Job!!!! "
SjSurvivor143
Nov 20th, 2016
" Thanks for the help. "
Joemoe
Nov 7th, 2016
" <3 it, thanks for saving me time. "
tinytim47
Oct 29th, 2016
" Wow this is really good.... didn't expect it. Sweet!!!! "
pmallory
Oct 24th, 2016
" Totally impressed with results!! :-) "
mixedballz
Oct 15th, 2016
" excellent work as always thanks for the help "
kiln82
Oct 2nd, 2016
" awesome work thanks "
darnay
Sep 23rd, 2016
" The best tutor out there!!!! "
Ask your homework questions. Receive quality answers!

Type your question here (or upload an image)

1830 tutors are online

Brown University





1271 Tutors

California Institute of Technology




2131 Tutors

Carnegie Mellon University




982 Tutors

Columbia University





1256 Tutors

Dartmouth University





2113 Tutors

Emory University





2279 Tutors

Harvard University





599 Tutors

Massachusetts Institute of Technology



2319 Tutors

New York University





1645 Tutors

Notre Dam University





1911 Tutors

Oklahoma University





2122 Tutors

Pennsylvania State University





932 Tutors

Princeton University





1211 Tutors

Stanford University





983 Tutors

University of California





1282 Tutors

Oxford University





123 Tutors

Yale University





2325 Tutors