Quote:
Originally Posted by FlameOn
Thank goodness this was discovered earlier and people can do something about it. Heartbleed it was more people found out about it after the fact it had already been widely exploited no?
As far as I can tell, this would affect everything including routers, web servers and all sorts of networking equipment that used embedded linux/Unix as well. Hopefully everything gets patched pretty quick but there will always be private things or companies with lazy/oblivious employees.
I really wonder if this is one of those "NSA purposely left wide open exploits" that someone just happened to discover now.
|
The problem with shellshock isn't so much that it was caught before widespread exploitation, but in the fact that it is an exploit of ancient code within Bash that related to features nobody even really uses. So far, there are at least four separate CVE articles assigned to various aspects of this - they patched for one test case, then discovered another, and another, and another...
So now we probably have a race between security researchers and "hackers" to find other exploits in ancient code. It's almost looking like fighting a hydra. Cut off one head, discover another.
As an aside, I am loving the fact that Windows PCs are unaffected, but Macs have some risk. Minimal as it is, there are people freaking out because Apple doesn't have a patch yet.