Cable Forum - View Single Post - Huge bash exploit CVE-2014-6271

tweetiepooh · 29-09-2014, 17:01

But you pay for Redhat while Ubuntu is free.

OpenSuse and Mint have patches for both, whether this secures things remains to be seen. It does highlight a big issue in testing.
Most testing works through scenarios to show the program works as expected. It doesn't (and realistically can't) test for it behaving "badly". One way to do that is to give it to a group of children/teens and just let them loose, maybe add a bit of hacking/cracking resource to show what can be done. This won't necessarily cover all the bases but it will cover some of them. Too many times I've seen code released fail because a user does something unexpected that's not catered for, some take great pleasure in trying this.

29-09-2014, 17:01	#21
tweetiepooh Virgin Media Employee Join Date: Sep 2005 Location: Winchester Services: Staff MyRates BB: VM 1Gb TV: VM XL Phone : VM XL Posts: 3,350	Re: Huge bash exploit CVE-2014-6271 But you pay for Redhat while Ubuntu is free. OpenSuse and Mint have patches for both, whether this secures things remains to be seen. It does highlight a big issue in testing. Most testing works through scenarios to show the program works as expected. It doesn't (and realistically can't) test for it behaving "badly". One way to do that is to give it to a group of children/teens and just let them loose, maybe add a bit of hacking/cracking resource to show what can be done. This won't necessarily cover all the bases but it will cover some of them. Too many times I've seen code released fail because a user does something unexpected that's not catered for, some take great pleasure in trying this. __________________ I work for VMO2 but reply here in my own right. Any help or advice is made on a best-effort basis. No comments construe any obligation on VMO2 or its employees.