Loading…
Back To Schedule
Friday, February 6 • 14:10 - 14:50
shellshock!

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

In September 2014, internet was rocked by a widespread security flaw called shellshock. It seemed to affect everything from web servers serving CGI, to dhcpclient etc, and even some satellite television settop boxes.

The presenter was responsible for ensuring Red Hat / Fedora and its customers/users were protected against this. Red Hat not only pioneered the patch which was used, but also provided guidance to other distros/upstream.

This presentation is a brief look at how these kind of security issues affect open source, provide a brief time line of what happened and why and how developers can often help ease out the pain :)

https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
https://securityblog.redhat.com/2014/09/26/frequently-asked-questions-about-the-shellshock-bash-flaws/

Speakers
avatar for Huzaifa Sidhpurwala

Huzaifa Sidhpurwala

Principal Product Security Engineer, Red Hat
Huzaifa Sidhpurwala is a Principal Product Security Engineer at Red Hat. Finds security flaws in his spare time, and has been the in the top 3 presenters at devconf.Czech Republic for the last 2 years!!


Friday February 6, 2015 14:10 - 14:50 CET
D0206

Attendees (1)