On 30.09.2014 at 11:55, Lodewijk andré de la porte wrote:
> Heartbleed was a memory leak that eventually, after carefully calculated
> exploiting, can lead to a remote root.
>
> Shellshock depends on a lot of environmental details, but is possibly
> little more than a hard to reach shell with elevated permissions.
>
> I guess heartbleed was actually worse. Who runs webscripts and stuff in
> root? That's really foolhardy. But using OpenSSL ... We usually thought
> it good practice!
>

Agree, heartbleed was a bigger problem, though I think I know why so many people panic because of this. My theory is, with heartbleed most folks thought they were unaffected, cause not many noob people run a webserver. But with shellshock they can test this on their own machine, with just 1 line of code and see the "vulnerable" message, so suddenly this is a big deal for them.

So, don't panic & stay cool, unless you have some badly configured servers or have a habit of running everything on your workstation without checking. But then you got bigger problems than this ;-).

-- 
Łukasz "Cyber Killer" Korpalski

mail: [email protected]
xmpp: [email protected]
site: http://website.cybkil.cu.cc
gpgkey: 0x72511999 @ hkp://keys.gnupg.net

//When replying to my e-mail, kindly please
//write your message below the quoted text.
