Maybe not favorite but "most memorable": "CVE-2014-6271: Remote code execution through bash" [1]
The top comment when I first saw it was, "If you are responsible for the security of any system, this is your immediate, drop-everything priority." [2]
Shellshock just kept going, and going, and for days you didn't know what was coming next. I suppose it's unfair to real PTSD victims to say this, but sometimes I feel like I have a little PTSD from that incident. I can only imagine what people at the center of it were going through.
My favorite blow-by-blow account was David Wheeler's essay [3] [4].
I enjoyed it because it was one of those times you realize none of us really know WTF we're doing. Everyone is just pretending they have a good understanding of how things work. Software is just too large to really understand how things are interconnected.
The top comment when I first saw it was, "If you are responsible for the security of any system, this is your immediate, drop-everything priority." [2]
Shellshock just kept going, and going, and for days you didn't know what was coming next. I suppose it's unfair to real PTSD victims to say this, but sometimes I feel like I have a little PTSD from that incident. I can only imagine what people at the center of it were going through.
My favorite blow-by-blow account was David Wheeler's essay [3] [4].
[1] https://news.ycombinator.com/item?id=8361574 [2] https://news.ycombinator.com/item?id=8361871 [3] http://www.dwheeler.com/essays/shellshock.html [4] https://news.ycombinator.com/item?id=8428644