This. RCEs scale so much better than information disclosure bugs like Heartbleed or Meltdown. Shellshock was widely used in the wild too, Heartbleed was barely used at all. https://twitter.com/bcrypt/status/949039225004900353 …
-
-
Shellshock affected lots of *nix servers and was widely used against them. (I'm not saying Meltdown/Spectre isn't relevant to defenders. It obviously is.)
-
Only with dubious configurations that allow invocation of bash across privilege domains (like bash as shell for git-only user).
-
Yes there were a lot of systems affected, but (1) they were already practicing bad security hygiene, and (2) it was a very small % of all ppl, and most/all should have had competent sysadmins prepared to mitigate it.
-
You’re underestimating it.
-
Widely used does not translate to widely relevant to defenders. It just means a certain type of defender that attackers like was an easy target.