The year of security flaws

It really is the year for big bugs in code!

First there was the heart-bleed exploit in the OpenSSL code, which allows the mining of sensitive data from the memory of remote servers. It is most commonly used in eCommerce circles to ensure encrypted (ie safe) transmission of financial records between computers, like when you buy something.  It has been around for at least 2 years before being discovered. It also now seams to have it’s own website, heartbleed.com

Then there was the shellshock flaw in the BASH shell, which allows the execution of arbitrary code, and had been around since 1989. It was discovered on the 12th of September, with fixes been released by Apple on the 29th of September, and Florian’s patch been confoirmed by Zalewski on the 1st of October.

And now there is bug in PowerPoint (See TechCrunch’s blog), which allows full control of the Windows machine by a PowerPoint document when opened!