By Sean Michael Kerner | Posted October 23, 2014
Shellshock and the Xen vulnerability. One of these things is not like the other, and an expert says they can teach us a lot about how to disclose security vulnerabilities.
TORONTO: At the annual SecTor Toronto security conference, one of the key highlights for the last several years has been the Fail Panel, which examines the areas where the security industry did not succeed and where lessons of the past have still not been learned.
This year was no exception. At the 2014 edition of the Fail Panel, the major topic of discussion was the big brand-name vulnerabilities like Heartbleed, Shellshock and POODLE and how they are properly -- or in some cases improperly -- disclosed.
Securosis CEO and analyst Rich Mogull took particular aim at the Shellshock vulnerability and how it was disclosed. Shellshock is technically a vulnerability in Bash (the Bourne Again Shell) that could have enabled an attacker to inject and execute arbitrary commands on a vulnerable server.