Speaking of Shellshock, please check out an in-depth review of the shellshock vulnerability, exploit and patch here:
http://blog.a1logic.com/2014/09/shellshock-vulnerability-patch-and.html Thanks. On Mon, Oct 20, 2014 at 5:00 AM, <langsec-discuss-requ...@mail.langsec.org> wrote: > Send langsec-discuss mailing list submissions to > langsec-discuss@mail.langsec.org > > To subscribe or unsubscribe via the World Wide Web, visit > https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss > or, via email, send a message with subject or body 'help' to > langsec-discuss-requ...@mail.langsec.org > > You can reach the person managing the list at > langsec-discuss-ow...@mail.langsec.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of langsec-discuss digest..." > > > Today's Topics: > > 1. Re: [oss-security] Thoughts on Shellshock and beyond > (Felix 'FX' Lindner) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Sun, 19 Oct 2014 18:19:37 +0200 > From: Felix 'FX' Lindner <f...@recurity-labs.com> > To: Michal Zalewski <lcam...@coredump.cx> > Cc: langsec-discuss@mail.langsec.org > Subject: Re: [langsec-discuss] [oss-security] Thoughts on Shellshock > and beyond > Message-ID: > <20141019181937.f9a77801020dd12936665...@recurity-labs.com> > Content-Type: text/plain; charset=US-ASCII > > Hi, > > On Tue, 7 Oct 2014 08:39:26 -0700 Michal Zalewski <lcam...@coredump.cx> > wrote: > > Sometimes, efforts like this fail simply due to bad timing or bad > > luck; but most of the time, they just produce solutions that are > > unusable, unappealing, or otherwise difficult to work with. > > This nicely describes using a condom. > > The question is: Based on which criteria does one recommend or reject > a solution. How do you evaluate each criterium and how do you weight > your evaluation results? > > > Usable and practical security is hard, and we don't really have all > > the answers there - we can barely scratch the surface today. > > Could you give an example of what you mean by "Usable and practical > security" in the world (outside computers)? It obviously should be > something that is constantly attacked. > > Thanks > FX > > > ------------------------------ > > Subject: Digest Footer > > _______________________________________________ > langsec-discuss mailing list > langsec-discuss@mail.langsec.org > https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss > > > ------------------------------ > > End of langsec-discuss Digest, Vol 26, Issue 3 > ********************************************** > -- My Blog: http://www.neilscomputerblog.blogspot.com/ Twitter: @neilsikka
_______________________________________________ langsec-discuss mailing list langsec-discuss@mail.langsec.org https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss
