Toddimus Posted September 25, 2014 Posted September 25, 2014 Not to be alarmist... but I just read this article on CNN and it sounds like the Linux based OS of the ISY could be vulnerable to the newest hit amongst the hackers out there: The "Bash Bug"... http://money.cnn.com/2014/09/24/technology/security/bash-bug/index.html?hpt=hp_t2 Just wanted to raise the flag to the powers that be. -Todd
Mike Ippolito Posted September 25, 2014 Posted September 25, 2014 We wrote our own RTOS, it is not Linux based. Your 'status' is safe with us. Sent from my iPhone using Tapatalk
Toddimus Posted September 25, 2014 Author Posted September 25, 2014 Mike, Awesome! Thanks for the info. I had always thought it was Linux based. I guess my Raspberry Pi would be vulnerable though. I'm not currently using it, but had planned to integrate it into the system. Cheers, Todd
apostolakisl Posted September 25, 2014 Posted September 25, 2014 I don't know much about this, except that as I read other articles it would seem that it is not as simple as being a "linux" problem. It seems to be this "bash" interface which may or may not be a part of any particular linux system and could be part of non linux, unix based systems.
Michel Kohanim Posted September 26, 2014 Posted September 26, 2014 Hello everyone, As Mike suggested, ISY is not Linux based and we do not use bash and neither do we use environment variables. Furthermore, out of concern for security, we do not parse or do anything with HTTP headers that we do not like. For instance, there's really no way to put a ping command in an http header and have ISY ping the device. With kind regards, Michel
Recommended Posts