by spydum
3321 days ago

A lot of people kicking sand in MSFT's eyes for having such a vulnerability... but come on, the code base for Windows is enormous. The feat of engineering that is Microsoft Windows (and its many iterations) is pretty amazing when you really look at it. Yes, plenty of flaws, but show me some other software which has endured? Further, all of the major infections are based on Windows XP. Windows XP mainstream support ended a full year before the first gen iPhone was out! It's seriously ancient and there are very few excuses for people to have this crap on a network in 2017. For the folks who don't run XP, but got infected because they didn't patch? No excuses. If I booted a RedHat (5.2 came out in 2009ish) or FreeBSD machine from 2009 without patches, and put it on the internet, I'm pretty sure it'd be hosed just as bad (shellshock, heartbleed, ?). The difference is, everyone would tell me I'm an idiot for putting a machine online from 2009.

As a tongue-in-cheek (but totally true) correction, FreeBSD from 2009 would NOT be vulnerable to the shellshock vulnerability unless you explicitly install `bash` and make it the shell used by apache-cgi.
By default, FreeBSD lacks bash.