Oh dear; today’s tech news reveals another exploit affecting widely used Open Source software. In this case it is the shellshock bug that has been part of the bash shell for a long period of time. How easy is it to exploit in real life? I’m not entirely sure. Certainly my web programming is deeply defensive; any user input is checked, sanitised and ideally only allowed if it fits a narrow range of choice (not possible, of course, for free text) but what about the level of browser / server interactions that I generally take for granted?
Patching is taking place; we’ll see if this one disappears or if it runs and runs.