So this bug was around for 20 or so years before found and exploited, what went wrong Sup Forums...

So this bug was around for 20 or so years before being found and exploited. What went wrong, Sup Forums? How could they have avoided something this bad from the beginning?

Was this due to laziness? Lack of testing? Or a simply overlooked design flaw?

Nice deflection attempt wincuck, but there's no comparison between an attack which requires local access and a default network service which gives full remote access. Sage/

Not him, but I would actually like to know.

How could shellshock have been avoided then??

Someone's butthurt

If Linux was the common OS, then more people would spend time trying to find flaws in it and making tools to exploit others. Considering that Windows is the most common OS and is installed by default on most store-bought computers, it only makes sense that an attacker would use the wider surface area to be as effective as possible.

That is compounded by the fact that most exploits require someone to take the bait.

Actually, Linux exploits sell pretty well.

Design of computer software is more intangible than you think it is. It's not a matter of routinely testing every possible combination of things until you find one that happens to not work right.

Things are more designed to work ubiquitously and never even allow a scenario where it could be exploited. For instance, encrypted data that never even stores the data in plain text.

Finding ways to exploit these kinds of things takes a special kind of genius. It might look straightforward but there are several concepts regarding computer architecture creating a weird roundabout exploit.

I bet they do. My assumption is that an individual looking for a Linux exploit would likely be going after the infrastructure of a business, whereas a random ransomware would be going for the lowest common denominator.
That lowest common denominator being Windows users without much computer knowledge/experience.

Linux doesn't have a complex remote protocol listener out of the box. Windaids default netbios/smb services have always been a vector for remote admin access that are difficult to defend because microshit infrastructure is so dependent on them.

In contrast, Linux infrastructure is based on the same infrastructure of the internet and is designed for the ravages of the raw internet.

Local privilege escalation attacks will remain, and Windows is known to be full of them; just see the most recent pwn2own. Whereas shellshock was a very subtle error which required skill to exploit and would require tricking someone into saving a shell script, making it executable and running it.

Wincucks pass the buck again, but I'll rely on free software any day over your garbage.

>required skill to exploit and would require tricking someone into saving a shell script, making it executable and running it
Actually, the real vulnerability was really stupidly configured webservers that ran user-input through a shell somehow.

That's exceedingly rare and would require exceeding amounts of wilful incompetence to get into play. A far cry from a default service on every single windows installation since 2000.

You underestimate how stupid some people are.

I pressed reply too early:
Yes, however this is shellshock is nowhere near the level of fuckery that this has been.

>however this is shellshock
however shellshock*

Evidently, seeing as you fail to comprehend how stupid you are.

Anyone else notice a surge of asspained Windowsbabbies who keep pointing out irrelevant Linux vulnerabilities that never did any damage, quite unlike Wannacry?

I've been a Unix and Linux sysadmin for a long time and my observation of windows-exclusive admins is they're typically incompetent finger-pointers. They choose Microsoft solutions because they're already designed by Microsoft and they can blame Microsoft when things go wrong. Services they can't figure out typically go to the Unix team to deploy, including any integration with the windows environment.

Shops which failed to roll out this SMB patch would have been typical bumblefuck windows admins too terrified to perform any change because they lack the ability to diagnose and fix any issues. It's pretty funny because today I'm kicking back while windows admins are on fire rolling out emergency patches, at more than a few sites I'm finding out.

What a massive cockup. Maybe now the execs will pay attention to the i7 AMT hole which is a gaping wound in a few networks which I'm aware of; they weren't so interested in hearing about it last week.

Meanwhile just last week...

theregister.co.uk/2017/05/09/microsoft_windows_defender_security_hole/

>It is possible for hackers to craft files that are booby-trapped with malicious code, and this nasty payload is executed inadvertently and automatically by the scanner while inspecting messages, downloads and other files. The injected code runs with administrative privileges, allowing it to gain full control of the system, install spyware, steal files, and so on.

literally no one audits the code. surprise.

>Maybe now the execs will pay attention to the i7 AMT hole which is a gaping wound in a few networks which I'm aware of; they weren't so interested in hearing about it last week.
A man can dream.

Thank you C