🦞🌯 Lobster Roll

Thread

Shellshock (2014, 2025) (dwheeler.com)
L 8 pts 3 comments by jmiven Sep 30, 2025 historicalsecurity thread

Stories related to "Shellshock (2014, 2025)" across the full archive.

Shellshock (2014, 2025) (dwheeler.com)
L 8 pts 3 comments by jmiven Sep 30, 2025 historicalsecurity Security / PrivacyCulture / Philosophy / History / Reading thread
qmail is a vector for CVE-2014-6271 (bash "shellshock") (marc.info)
L 1 pts 0 comments by 0xfg Sep 28, 2014 security Security / Privacy thread
A Historical Perspective of Speech Recognition (2014) (cacm.acm.org)
L 3 pts 0 comments by mjn Feb 11, 2018 aihistorical AI / Machine LearningCulture / Philosophy / History / Reading thread
Why SSL was renamed to TLS in late 90s (2014) (tim.dierks.org)
L 82 pts 9 comments by franta Jun 15, 2025 browsershistoricalsecurity Web DevelopmentSecurity / PrivacyCulture / Philosophy / History / Reading thread
Practical Security for 2014 (youtube.com)
L 3 pts 3 comments by inactive-user Jan 10, 2014 linuxsecurityvideo Systems / Low-Level / OSSecurity / Privacy thread
Highlights of the Real World Cryptography 2014 workshop (blog.xot.nl)
L 2 pts 0 comments by inactive-user Jan 21, 2014 security Security / Privacy thread
This is a link to the summary of day #1, which has links to day #2 and day #3.
Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) (openwall.com)
L 7 pts 0 comments by jcs Jan 31, 2014 linuxsecurity Systems / Low-Level / OSSecurity / Privacy thread
TrustyCon - Live from San Francisco 02/27/2014 (youtube.com)
L 1 pts 0 comments by karstensrage Feb 28, 2014 eventsecurityvideo Security / Privacy thread
Stream of the full conference https://www.trustycon.org. The last two speakers, starting at 6h06m were very good.
Deep Analysis of CVE-2014-0502 – A Double Free Story (blog.spiderlabs.com)
L 4 pts 0 comments by jcs Mar 12, 2014 reversingsecurity Systems / Low-Level / OSSecurity / Privacy thread
Heap Overflow in YAML URI Escape Parsing (CVE-2014-2525) (ruby-lang.org)
L 4 pts 0 comments by jcs Mar 29, 2014 rubysecurity Programming (General)Programming Languages / CS TheorySecurity / Privacy thread
DigitalOcean Security Disclosure 2014-03-30: Not destroying droplets securely, data is completely recoverable (gist.github.com)
L 7 pts 3 comments by Whoop Mar 31, 2014 security Security / Privacy thread
Heartbleed Bug (OpenSSL CVE-2014-0160) (heartbleed.com)
L 54 pts 15 comments by jturner Apr 7, 2014 releasesecurity Security / Privacy thread
Test your server for Heartbleed (CVE-2014-0160) (filippo.io)
L 34 pts 4 comments by inactive-user Apr 8, 2014 security Security / Privacy thread
Oracle Critical Patch Update - April 2014 (oracle.com)
L 1 pts 0 comments by fab Apr 18, 2014 databasessecurity Data / Databases / InfrastructureSecurity / Privacy thread
Rails Directory Traversal Vulnerability With Certain Route Configurations (CVE-2014-0130) (groups.google.com)
L 1 pts 0 comments by jcs May 7, 2014 rubysecurity Programming (General)Security / Privacy thread
An earlier version of this advisory incorrectly assumed that the only way to trigger this vulnerability was with routes containing '\*action'. There are additional attack vectors and as a result *all* users are advised to upgrade to a fixed version as soon as possible.
BSDCan 2014: Bob Beck on LibreSSL: the first 30 days, and where we go from here (openbsd.org)
L 30 pts 6 comments by cnst May 17, 2014 openbsdprogrammingsecurity Systems / Low-Level / OSProgramming (General)Security / Privacy thread
http://www.bsdcan.org/2014/schedule/events/520.en.html http://undeadly.org/cgi?action=article&sid=20140517144304
yescrypt - password hashing scalable beyond bcrypt and scrypt (PHDays 2014) (openwall.com)
L 12 pts 1 comments by jcs May 24, 2014 securityslides Security / Privacy thread
OpenSSL Security Advisory [05 Jun 2014] (openssl.org)
L 15 pts 1 comments by PiotrSikora Jun 5, 2014 security Security / Privacy thread
Along with a pretty website for CVE-2014-0224 (CCS Injection Vulnerability): http://ccsinjection.lepidum.co.jp/ and a write-up about it by Adam Langley: https://www.imperialviolet.org/2014/06/05/earlyccs.html
pwn4fun Spring 2014 - Safari - Part I (googleprojectzero.blogspot.com)
L 4 pts 1 comments by tedu Jul 25, 2014 browserscreversingsecurity Web DevelopmentSystems / Low-Level / OSSecurity / PrivacyApple / macOS / iOS thread
Black Hat 2014 Talks (youtube.com)
L 6 pts 1 comments by jcs Aug 18, 2014 eventsecurityslidesvideo Security / Privacy thread
The poisoned NUL byte, 2014 edition (googleprojectzero.blogspot.com)
L 11 pts 2 comments by jcs Aug 26, 2014 reversingsecurity Systems / Low-Level / OSSecurity / Privacy thread
CVE-2014-1564: Uninitialized memory with truncated images in Firefox (lcamtuf.blogspot.com)
L 6 pts 0 comments by tedu Sep 3, 2014 browserssecurity Web DevelopmentSecurity / Privacy thread
CVE-2014-6271 And You: A Tale Of Nagios And The Bash Exploit (blog.threatstack.com)
L 13 pts 2 comments by byoung Sep 25, 2014 devopssecurity Data / Databases / InfrastructureSecurity / Privacy thread
Free Software Foundation statement on the GNU Bash "shellshock" vulnerability (fsf.org)
L 14 pts 10 comments by journeysquid Sep 26, 2014 lawsecurity Programming (General)Security / Privacy thread
Almost tempted to include the satire tag.
How to Protect your Server Against the Shellshock Bash Vulnerability (digitalocean.com)
L 2 pts 0 comments by crtr Sep 26, 2014 security Security / Privacy thread
Bash bug: so, like, apply the unofficial patch now (CVE-2014-6277) (lcamtuf.blogspot.com)
L 7 pts 3 comments by jcs Sep 27, 2014 linuxsecurity Systems / Low-Level / OSSecurity / Privacy thread
Bash bug: the other two RCEs, or how we chipped away at the original fix (CVE-2014-6277 and '78) (lcamtuf.blogspot.com)
L 10 pts 4 comments by jcs Oct 1, 2014 security Security / Privacy thread
CVE-2014-7284 (NGRO Bug): Lack of randomness in Linux kernel network secrets (webcache.googleusercontent.com)
L 8 pts 3 comments by jcs Oct 2, 2014 linuxsecurity Systems / Low-Level / OSSecurity / Privacy thread
cmd.exe "shellshock" (twitter.com)
L 10 pts 3 comments by journeysquid Oct 3, 2014 securitywindows Security / Privacy thread
Per Dan Kaminsky, ‏"probably not exploitable but we'll see."
Protect Your Docker Containers Against Shellshock (blog.tutum.co)
L 3 pts 0 comments by KickingTheTV Oct 10, 2014 programmingsecurity Programming (General)Data / Databases / InfrastructureSecurity / Privacy thread