This. RCEs scale so much better than information disclosure bugs like Heartbleed or Meltdown. Shellshock was widely used in the wild too, Heartbleed was barely used at all.https://twitter.com/bcrypt/status/949039225004900353 …
Only with dubious configurations that allow invocation of bash across privilege domains (like bash as shell for git-only user).
-
-
Yes there were a lot of systems affected, but (1) they were already practicing bad security hygiene, and (2) it was a very small % of all ppl, and most/all should have had competent sysadmins prepared to mitigate it.
-
You’re underestimating it.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.