Shellshock a Fail for Security Disclosure

At the annual SecTor Toronto security conference, one of the key highlights for the last several years has been the Fail Panel, which examines the areas where the security industry did not succeed and where lessons of the past have still not been learned.

This year was no exception. At the 2014 edition of the Fail Panel, the major topic of discussion was the big brand-name vulnerabilities like Heartbleed, Shellshock and POODLE and how they are properly — or in some cases improperly — disclosed.

Securosis CEO and analyst Rich Mogull took particular aim at the Shellshock vulnerability and how it was disclosed. Shellshock is technically a vulnerability in Bash (the Bourne Again Shell) that could have enabled an attacker to inject and execute arbitrary commands on a vulnerable server.

Read the Full Article: Source – eSecurity Planet
http://www.esecurityplanet.com/malware/shellshock-a-fail-for-security-disclosure.html
