I guess it really depends on how Ebay will be treating Paypal from now on, and how Amazon will react. If this means that Ebay is diverging from the ease-of-use thing they’ve got going with Paypal, that may turn out pretty badly for the latter. Then again, if this triggers Amazon to flick the switch, Paypal has a great future ahead of it..
Honestly I’m not too concerned about ApplePay on this respect – if they’re going to flip over anything, it’ll be analogue credit card payments rather than digital ones.
I’d be interested to see if/how this is exploitable from some sort of popular front end app (thinking, apache with mod_php, not just cgi)
While mod_php does not immediately rely on bash in the way cgi does, it could definitely be possible to influence environment variables. Forcing a remote machine to read the variables would be a second issue, though. In any case, many uses of
system() are likely to run into bash somewhere along the line. I’m very curious how this one will play out, as I doubt the patching process will be anywhere as smooth as with Heartbleed.
Thanks for the snippits showing your local test
Guys, aren’t you tired of discussing how awesome/miserable Android/iPhone and their users are? Just curious.
It starts out being interesting to watch from the sidelines, but as time goes by it becomes a wee bit sad. Very much like all the others- Linux / Windows / OSX, vim / emacs, GNU / BSD, the list goes on.