Loading…
Friday, February 6 • 14:10 - 14:50
shellshock!

Sign up or log in to save this to your schedule and see who's attending!

In September 2014, internet was rocked by a widespread security flaw called shellshock. It seemed to affect everything from web servers serving CGI, to dhcpclient etc, and even some satellite television settop boxes.

The presenter was responsible for ensuring Red Hat / Fedora and its customers/users were protected against this. Red Hat not only pioneered the patch which was used, but also provided guidance to other distros/upstream.

This presentation is a brief look at how these kind of security issues affect open source, provide a brief time line of what happened and why and how developers can often help ease out the pain :)

https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
https://securityblog.redhat.com/2014/09/26/frequently-asked-questions-about-the-shellshock-bash-flaws/

Speakers
avatar for Huzaifa Sidhpurwala

Huzaifa Sidhpurwala

Principal Product Security Engineer, Red Hat
I work as a Principal Product Security Engineer with Red Hat. I have been involved with high impact security flaws specially related to SSL/TLS over the last 10 years. I am a part of various upstream security teams and a contributor to Fedora security team.


Friday February 6, 2015 14:10 - 14:50
D0206

Attendees (1)