WWW.ILTANET.ORG 83
Subject: BASH
Given the severity of the Bash shell code bug, we are reaching
out to all our relevant product and service vendors to see if
they are vulnerable. Is anyone else doing this?
Peter Kaomea
Chief Information Officer
Sullivan & Cromwell LLP
We set up alerts in our vulnerability management platform to
fire on both CVE-2014-6271 and CVE-2014-7169 (there might
be more to come). We've heard from two vendors with Unix-
variant appliances that had vulnerabilities and patches are
already forthcoming. If you have a Web server running on a
Linux/Unix platform, be particularly concerned; this can be
exploited without authentication and be made wormable.
William Kyrouz
Senior Manager of Information Security & Governance
Bingham McCutchen LLP
Here's a helpful summary of affected systems:
http://www.kb.cert.org/vuls/byvendor?
searchview&Query=FIELD+Reference=252743&SearchOrder=4
Dustin Davies
Chief Technology Officer
Spilman Thomas & Battle, PLLC
OVERHEARD ON
E-GROUPS
Do you have a legal IT-related question that you'd like to ask your ILTA peers?
With over 50 different e-groups sharing knowledge, you can find a network of
members to provide feedback on your specific area of interest. You may also
search past e-group threads, and don't forget to provide input if you have
expertise in a topic of discussion. To log on and participate, visit ILTA's website
and click on E-Groups.
Congratulations to the 2014
Distinguished
Peer Awards
WINNERS!
Find the list of winners as well as
short video submissions from all of
the nominees at awards.iltanet.org.
Find the list of
winners off of the
publications tab at
iltanet .org.
CONGRATULATIONS
WINNERS!