Exactly.

How is a nonprofessional, unfamiliar with the inner workings, to determine what, if any, risk exists from any given device?

In this case, if ASUS does not provide an official assessment of each of its products, along with clear steps to mitigate risk for those devices that have exposure, what are people who depend on those devices to do?

Yes I even went to their website to look for any kind of press release, with some sort of statement.

Some Manufacturers/Vendors are starting to do the "Right Thing" even when none of their products are exposed to this. Just by simply make a press release stating such.

I am starting to actually start judging some of these companies suddenly by them not taking the minimal time, required to simply do that. Especially more so when you know that their product contain software that has been announced to have some exposure to this and your not exactly sure if the way that software was implemented is safe.

Don

There are now Seven not Six any longer "Bash" AKA Shellshock vulnerabilities which have been located as of 10/04/2014 4:00 PM CTD time.

These are NEW items added to the list. To see the complete list of all items posted here. Please see the links at the bottom of this post.

McAffee Products has fixes for Bash AKA Shellshock now:

https://kc.mcafee.com/corporate/inde...SB10085#status

Symantec Products has fixes for Bash AKA Shellshock now:

http://www.symantec.com/outbreak/?id=shellshock

Avaya Products has fixes for Bash AKA Shellshock now:

https://support.avaya.com/helpcenter...26131554370002

Kace Endpoint Systems Management Products has fixes for Bash AKA Shellshock now:

http://www.kace.com/support/resource...ail?sol=133716

Riverbed Products has fixes for Bash AKA Shellshock now:

https://supportkb.riverbed.com/suppo...tent&id=S24997

Untangle Products has fixes for Bash AKA Shellshock now:

https://support.untangle.com/hc/en-u...ts-vulnerable-

pfSense Products has fixes for Bash AKA Shellshock now:

https://www.pfsense.org/security/adv...8.packages.asc

Additional Bash Flaws Show Weakness of Original Shellshock Patch now:

http://www.infosecurity-magazine.com...laws-original/

Windows What to understand and know about Bash AKA Shellshock vulnerabilities:

http://grandstreamdreams.blogspot.co...d-linkage.html

Bash AKA Shellshock vulnerabiltiy determined to have been present since at least 12/08/1991. Investigation contunues on how far back it goes:

http://www.openwall.com/lists/oss-security/2014/10/04/2

For the complete list of located products posted here. Please go here:

http://board.homeseer.com/showpost.p...20&postcount=9

For more information including "Proper" testing methods. Please go to the top of this thread here:

http://board.homeseer.com/showpost.p...99&postcount=1

Don

Thank-you Don.

You are very welcome.

Added information to the list for Android, Apple and Windows which includes a derivate which can/could be worth looking into for Windows systems as well:

http://board.homeseer.com/showpost.p...20&postcount=9

Don