[kwlug-disc] Vulnerability in bash
CrankyOldBugger
crankyoldbugger at gmail.com
Thu Sep 25 13:38:55 EDT 2014
Oh, I agree that this has serious implications, but we could probably deal
with it much better without the press causing all sorts of problems.
We especially don't need the press blowing this out of proportion to the
point where (ordinary) people start questioning Linux's security. After
Heartbleed, this is another reason for the (uninformed) CIO or CEO to go
running back to Microsoft.
I'm going to assume that everyone in this mailing list knows that Linux and
FOSS is better than proprietary software, but there are people out there
who actually let the CBC and FOX tell them what to believe. Stories like
Heartbleed and Shellshock sells papers, so the media will try to milk it
for far more than its worth.
On 25 September 2014 12:12, Khalid Baheyeldin <kb at 2bits.com> wrote:
> On Thu, Sep 25, 2014 at 11:55 AM, CrankyOldBugger <
> crankyoldbugger at gmail.com> wrote:
>
>> And now "some experts" are referring to this as the "Shellshock"
>> vulnerability.
>>
>> Commence Public Mass Hysteria in three, two, one...
>>
>
> Well, this one is real scary.
>
> If requests via the web server can execute arbitrary shell commands, it is
> scary.
>
> What is more scary is that a 25 year old mature piece of software can have
> such a gaping hole in it exploitable remotely.
>
> What about non-mature, less tested software, specially new comers that are
> being widely adopted (systemd ...)
>
> --
> Khalid M. Baheyeldin
> 2bits.com, Inc.
> Fast Reliable Drupal
> Drupal optimization, development, customization and consulting.
> Simplicity is prerequisite for reliability. -- Edsger W.Dijkstra
> Simplicity is the ultimate sophistication. -- Leonardo da Vinci
> For every complex problem, there is an answer that is clear, simple, and
> wrong." -- H.L. Mencken
>
> _______________________________________________
> kwlug-disc mailing list
> kwlug-disc at kwlug.org
> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20140925/4ace60ac/attachment.htm>
More information about the kwlug-disc
mailing list