Devs rushed to roll SSL certs for Heartbleed, before it was proven you could steal keys. Remote code execution? Most just patch and shrug.
@thomasfuchs @brynary Think it is "20 year vulnerability window for arbitrary remote code execution would suggest retrospective remedy."
@thomasfuchs @brynary Good to ponder. I'm absolutely not going to spend two weeks auditing to confirm no exploit. But I understand impulse.
@patio11 @thomasfuchs @brynary only takes a couple minutes with ansible: https://raymii.org/s/articles/Patch_CVE-2014-6271_Shellshock_with_Ansible.html … (I added debug just to show vuln)