1
00:00:01,680 --> 00:00:11,270
Covering the week's top tech stories with a slight Linux bias. Ubuntu has fixed a handful of bugs that standard users could use to become root.

2
00:00:11,280 --> 00:00:31,029
Ubuntu developers have fixed a series of vulnerabilities that made it easy for standard users to gain coveted root privileges. Kevin Backhouse, a researcher at GitHub, wrote in a post published last Tuesday, "With a few simple commands in the terminal and a few mouse clicks, a standard user can create an administrator account for themselves."

3
00:00:31,039 --> 00:00:37,590
The first series of commands triggered a denial-of-service bug in daemons used to manage user accounts on the computer.

4
00:00:37,600 --> 00:00:49,510
When done correctly, Ubuntu would restart and open a window that allowed the user to create a new account that had root privileges. This is the setup screen that you would normally see when you're installing Ubuntu for the first time.

5
00:00:49,520 --> 00:00:58,470
It means that junior is able to create a new user account for himself, and this time it's going to be an administrator account.

6
00:00:58,480 --> 00:01:05,030
All done. So now he just has to wait a few more seconds,

7
00:01:05,040 --> 00:01:15,990
and he's in. Here he's going to quickly open a terminal again so that he can run id to show that the new account, called indiana, is an administrator account.

8
00:01:16,000 --> 00:01:20,630
So there you can see that indiana is in the sudo group, which means that he's an administrator.

9
00:01:20,640 --> 00:01:29,350
The second bug involved in the hack resided in the GNOME Display Manager, which among other things manages user sessions and the login screen.

10
00:01:29,360 --> 00:01:35,910
The display manager also triggers the initial setup of the OS when it detects no users currently exist.

11
00:01:35,920 --> 00:01:43,670
Since it verifies whether an account exists or not by asking accounts daemon, if that daemon is locked up it will think there are no accounts.

12
00:01:43,680 --> 00:01:50,789
The vulnerabilities could be triggered only when someone had access to, and a valid account on, a vulnerable machine.

13
00:01:50,799 --> 00:01:54,149
It worked only on desktop versions of Ubuntu.

14
00:01:54,159 --> 00:02:04,550
Maintainers of the open source Ubuntu OS patched the bugs last week. Big thanks to Roy W. Nash and our community of viewers for submitting stories to us this week.

15
00:02:04,560 --> 00:02:12,630
Thanks for watching the Category 5 dot TV Newsroom. Don't forget to like and subscribe for all your tech news with a slight Linux bias,

16
00:02:12,640 --> 00:02:23,010
and if you appreciate what we do, become a patron at patreon.com, Category Five. From the Category Five dot TV Newsroom, I'm Becca Ferguson.

17
00:02:23,020 --> 00:02:57,030
[Music]