.
I am shocked!! SHOCKED, I say!!!!!!
Have
.
http://www.measurementlab.net/...
Runs on OS-X, Windows, Linux. Port available on FreeBSD.
.
The purpose of the article is not to convey any manner of knowledge on the subject.
It's chewing gum for the job seeker, no more, no less.
... I don't understand why anybody cares...
Some people like to use software that is of a quality architecture and design, and not something that is little more than a security-challenged mash-up with very vocal protagonists.
.
Is voice quality OK when using it as a phone? Does it work well in weak signals?
.
It was the first Apple computer I bought. It will be the last Apple computer I ever buy.
...Since attackers are systematically scanning all available addresses in the IPv4 space...
If your site is on a server that does shared (or virtual) hosting, then IP address scans will usualy not trigger shellshock from your site because your site needs to be accessed via its URL. Accesses via IP address will usually go to a main site on that server, and that main site may not have any exploitable content.
... On one hand, that's a lot for a machine no one knows anything about; on the other, it indicates that attackers haven't wholesale dumped other methods in favor of going after this particular bug....
This is a straw man. Of course the bad guys are not going to walk away from all the other exploits in their toolbox. No one said they would.
Most of the shellshock accesses I see are just scans, i.e., the bad guys are building an inventory of what hosts are vulnerable. I haven't seen too many (i.e., only a very few) attempts to take over the host.... yet.
... BASH and OpenSSL are more key infrastructure bits than Xen is. What I mean is that they are integrated into FAR more devices and systems making a silent patch nearly impossible.
Quite correct.
.
Just try to estimate the number of devices affected by Heartbleed and Shellshock. It's probably in the billions.
As a case in point, a single Zen installation can host hundreds, maybe even thousands, of vulnerable installations of Shellshock and Heartbleed.
It is truly an apples and oranges comparison.
When Bruce Perens was getting questions from slashdot, I asked whether Obamacare should have mandated the use of open source software....
Easy to ask, difficult to do.
.
Obamacare barely passed when Congress considered it. If such an open-source requirement were in the law, then lobbyists from EPIC-type companies would be all over Congress, and Obamacare would have never passed.
Companies pay lobbyists to make sure Congress passes laws that put money into the companies' coffers. Things like cost-efficiency are not part of that equation.
We are experiencing system trouble -- do not adjust your terminal.
