Loading…
View analytic
Friday, February 6 • 14:10 - 14:50
shellshock!

Sign up or log in to save this to your schedule and see who's attending!

In September 2014, internet was rocked by a widespread security flaw called shellshock. It seemed to affect everything from web servers serving CGI, to dhcpclient etc, and even some satellite television settop boxes.

The presenter was responsible for ensuring Red Hat / Fedora and its customers/users were protected against this. Red Hat not only pioneered the patch which was used, but also provided guidance to other distros/upstream.

This presentation is a brief look at how these kind of security issues affect open source, provide a brief time line of what happened and why and how developers can often help ease out the pain :)

https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
https://securityblog.redhat.com/2014/09/26/frequently-asked-questions-about-the-shellshock-bash-flaws/

Speakers
avatar for Huzaifa Sidhpurwala

Huzaifa Sidhpurwala

Red Hat
I am a Principal Product Security Engineer working with Red Hat. Part of several Open Source Project Security Teams including Mozilla, WebKit, PHP, Python, Samba etc. Free time security researcher and Fedora contributor.     


Friday February 6, 2015 14:10 - 14:50
D0206

Attendees (1)