The Bourne Shellshock | Tech Talk Today 65


A major flaw in the Bash shell has been discovered, and the Internet is losing its collective mind over it. We discuss the possible far reaching ramifications of the flaw, and the comparisons to Heartbleed.

Plus some solid rumors on the next Nexus device, major iOS 8 update issues, and India’s historical tech event from this week.


Show Notes:

Exclusive: This is ‘Shamu,’ Motorola’s upcoming Nexus 6/X

Google’s upcoming “Nexus 6” (some claim it will be called “Nexus X”) has long been rumored, and there have been many leaked specifications and details rolling out for quite some time now.

Notably, a report from last month based on specifications leaked via GFXBench seemingly all but confirmed a variety of facts about the device: a 2.6GHz quad-core Snapdragon 805 processor, 3GB of RAM, 32GB of internal storage, a 13-megapixel rear-facing camera, a 2-megapixel front-facing shooter and Android L (surprise, surprise).

The biggest unknown is the screen, but 9to5Google reports a 5.92-inch screen, with QHD resolution of 2560 x 1440. This dense screen according to our calculations comes out to be 498 PPI—a fairly impressive number for any smartphone. As such, it’s going to have a battery that is equally impressive, packing 3,200 mAh to power all of those pixels.

Previous reports suggested a 5.2-inch screen instead of the currently rumored 5.92-inch.


As for the overall appearance of the device, it’s basically going to be a scaled up 2nd generation Moto X with some minor tweaks to make the larger size easier to use.

Bug in Bash shell creates big security hole on anything with *nix in it | Ars Technica

The bug, discovered by Stephane Chazelas, is related to how Bash processes environmental variables passed by the operating system or by a program calling a Bash-based script. If Bash has been configured as the default system shell, it can be used by network-based attackers against servers and other Unix and Linux devices via Web requests, secure shell, telnet sessions, or other programs that use Bash to execute scripts.

While Bash is often thought of just as a local shell, it is also frequently used by Apache servers to execute CGI scripts for dynamic content (through mod_cgi and mod_cgid). A crafted web request targeting a vulnerable CGI application could launch code on the server. Similar attacks are possible via OpenSSH, which could allow even restricted secure shell sessions to bypass controls and execute code on the server.
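
For defenders reviewing web server logs, here is an added example (not from the show notes or the quoted article) that flags logged request headers beginning with the Bash function-definition prefix "() {". Under CGI, request headers reach the script as environment variables. The log lines are constructed, and the Apache combined log format is an assumption.

```shell
#!/bin/sh
# Added example: flag logged request headers that begin with "() {".

# Constructed sample in Apache combined log format (documentation addresses).
sample_log() {
cat <<'EOF'
192.0.2.10 - - [25/Sep/2014:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.7 - - [25/Sep/2014:10:01:09 +0000] "GET /cgi-bin/status HTTP/1.1" 200 64 "-" "() { :;}; echo vulnerable"
203.0.113.5 - - [25/Sep/2014:10:02:30 +0000] "GET /cgi-bin/status HTTP/1.1" 200 64 "() { :;}; echo vulnerable" "curl/7.38.0"
192.0.2.44 - - [25/Sep/2014:10:03:00 +0000] "GET /docs/f() HTTP/1.1" 404 210 "-" "Mozilla/5.0 () { not at start"
EOF
}

# Reads combined-format lines on stdin and prints "client field path" for
# every line whose Referer or User-Agent starts with "() {".
# Splitting on double quotes gives: $2 request line, $4 Referer, $6 User-Agent.
# Assumption: the logged values contain no embedded double quotes.
find_function_headers() {
    awk -F'"' '
        {
            split($1, pre, " ")   # pre[1] is the client address
            split($2, req, " ")   # req[2] is the requested path
            field = ""
            if (index($4, "() {") == 1) field = "referer"
            if (index($6, "() {") == 1) field = "user-agent"
            if (field != "") print pre[1], field, req[2]
        }'
}

sample_log | find_function_headers
```

The fourth sample line is not reported because the marker appears in the middle of the value rather than at its start.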

Errata Security: Bash bug as big as Heartbleed

Today’s bash bug is as big a deal as Heartbleed. That’s for many reasons.

The first reason is that the bug interacts with other software in unexpected ways. We know that interacting with the shell is dangerous, but we write code that does it anyway. An enormous percentage of software interacts with the shell in some fashion. Thus, we’ll never be able to catalogue all the software out there that is vulnerable to the bash bug. This is similar to the OpenSSL bug: OpenSSL is included in a bajillion software packages, so we were never able to fully quantify exactly how much software is vulnerable.


The second reason is that while the known systems (like your web-server) are patched, unknown systems remain unpatched. We see that with the Heartbleed bug: six months later, hundreds of thousands of systems remain vulnerable. These systems are rarely things

First attacks using ‘shellshock’ Bash bug discovered

AusCERT earlier yesterday also claimed to have received reports the bug was being exploited in the wild.

Meanwhile, security researcher Robert Graham claims to have found at least 3,000 systems vulnerable to the bug. However Graham’s scan only looked at systems on port 80; the researcher noted embedded webservers on odd ports are the real danger and a scan for these “would give a couple times more results”.

Check yourself:

There is an easy test to determine if a Linux or Unix system is vulnerable. To check your system, from a command line, type:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If the system is vulnerable, the output will be:

 vulnerable
 this is a test

An unaffected (or patched) system will output:

 bash: warning: x: ignoring function definition attempt
 bash: error importing function definition for `x'
 this is a test
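
The same test wrapped in a script that checks each Bash binary on a host and classifies the result; this is an added example, not part of the original show notes. The list of binary locations is an assumption, and stderr is ignored because later Bash releases print neither "vulnerable" nor the warnings shown above.

```shell
#!/bin/sh
# Added example (not from the original page): wraps the test shown above.

# classify_output OUTPUT -> prints "vulnerable" or "not-vulnerable".
# A vulnerable bash runs the trailing echo while importing x, so the word
# "vulnerable" appears as a line of its own on stdout.
classify_output() {
    if printf '%s\n' "$1" | grep -qx 'vulnerable'; then
        echo vulnerable
    else
        echo not-vulnerable
    fi
}

# check_bash PATH -> classifies one bash binary, or prints "missing".
# stderr is discarded: patched builds may print the warnings quoted above or
# nothing at all, and neither is a finding.
check_bash() {
    if [ ! -x "$1" ]; then
        echo missing
        return 0
    fi
    out=$(env x='() { :;}; echo vulnerable' "$1" -c 'echo this is a test' 2>/dev/null) || true
    classify_output "$out"
}

# Assumed candidate locations; a host can carry more than one bash binary.
for b in /bin/bash /usr/bin/bash /usr/local/bin/bash; do
    if [ -x "$b" ]; then
        echo "$b: $(check_bash "$b")"
    fi
done
```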

Jupiter Broadcasting at Ohio LinuxFest

Going to Ohio LinuxFest? Join our Google+ event for future meetup plans!

iOS 8.0.1 Causing No Service, Touch ID Issues on iPhone 6/6 Plus, Apple Support Recommends iTunes Restore – Mac Rumors

Following the release of iOS 8.0.1 this morning, numerous users found that their cellular service was disabled, reporting “No Service” messages after updating. Affected users also appear to be experiencing problems with Touch ID, which seems to be completely non-functional.

It appears that the issue is limited to users who have an iPhone 6 or an iPhone 6 Plus, but affected devices span several carriers.


Apple support has also recommended restoring iOS 8.0.1 via iTunes to fix the problem.


iOS 8.0.1 is no longer available via an over-the-air download.

Apple says that it is actively investigating reports of problems and has pulled iOS 8.0.1 in the meantime. The company also says that it will provide information as quickly as it can.

Upcoming price increase for NEW Plex Pass subscriptions – Plex Blog : Plex Blog

So on September 29, 2014 we’ll be making some changes to our Plex Pass subscription rates for new subscribers:

  • Monthly Plex Pass subscriptions will increase from $3.99 to $4.99 per month.
  • Annual Plex Pass subscriptions will increase from $29.99 to $39.99 per year.
  • Lifetime Plex Passes will increase from $74.99 to $149.99.

India’s Mars mission could be a giant leap | Priyamvada Gopal | Comment is free | The Guardian

After a journey of 300 days and 420 million miles, an Indian satellite has arrived in orbit around Mars. To have done so on an economy ticket — at $74m “the cheapest interplanetary mission ever to be undertaken by the world”, according to the mission’s leader
