Devs rushed to roll SSL certs for Heartbleed, before it was proven you could steal keys. Remote code execution? Most just patch and shrug.
Replying to @brynary
@brynary Should they have waited to re-issue certs? Not patched after Shellshock? Don't get your point.
Replying to @thomasfuchs
@thomasfuchs @brynary Think it is "20 year vulnerability window for arbitrary remote code execution would suggest retrospective remedy."
Replying to @patio11
@thomasfuchs @brynary Good to ponder. I'm absolutely not going to spend two weeks auditing to confirm no exploit. But I understand impulse.
Replying to @patio11
@patio11 @thomasfuchs @brynary only takes a couple minutes with ansible: https://raymii.org/s/articles/Patch_CVE-2014-6271_Shellshock_with_Ansible.html … (I added debug just to show vuln)
@jschoolcraft @thomasfuchs @brynary I meant "audit that, in the 20 years this has been exploitable, that I have not been exploited."