12 Days competition: Day 10 – This bug was one shell of a shock


If Heartbleed started a trend for giving vulnerabilities theatrical monikers instead of numeric IDs, then this bug from September nailed it.

For good or for ill it seems that from now on coding mis-steps that pose a significant danger to a sizeable number of computers will have names that sound more like the stars of the latest Transformers movie and less like supplemental tax forms.

[What’s unexciting about tax forms, supplemental or otherwise? Ed.]

Goodbye CVE-2014-6271, hello Shellshock.

Bash “Shellshock” vulnerability – what you need to know

And for your chance to win an exclusive, limited edition, Naked Security T-shirt, work out the answer to Paul Ducklin’s brain teaser below…

This December we’re celebrating Christmas by giving away five of our much-coveted, limited edition Naked Security T-shirts every day for 12 days!

We’ve selected twelve of the most interesting stories from 2014 and we’ll be writing about one of them each day.

All you have to do to win a T-shirt is read the story and answer the question.

We’ll pick 5 lucky winners out of a hat (OK, /dev/urandom) each day and those who answer the most questions correctly over the 12 days will be entered into our grand prize draw for a goody bag of geeky gifts valued at up to $500!

We need to know your email address so that we can contact you if you’ve won. When we contact you, we’ll need your T-shirt size, a delivery address and a contact number so we can ship your prize. We won’t use any of your personal details for anything other than this competition.

Entries close at 23:59 Pacific Standard Time (UTC-8) each day. Sophos staff, those professionally connected to the company, and their families, are welcome to submit answers for fun, but can’t win. T-shirt styles may vary from those depicted. Sophos’s decision is final, and so on. Please read our official competition terms and conditions.

What was Day 9’s answer?

Day 9’s topic was the U2 album that iTunes users “got for free” from Apple, except it didn’t quite turn out like that.

What actually happened is that the album was credited to you as a purchase, and then showed up on your device automatically.

Unexpectedly, in fact.

As for the Day 9 question, we drew an admittedly very thin link between the privacy implications of being deemed to have bought something without consent, and the history of surveillance.

A thin link, indeed, but it allowed us to ask you a question about U2’s namesake, the high-flying U-2 aircraft.

We asked, “In which year did the U-2 first fly?”

Apparently, the U-2’s first flight was unusual, because initial testing was only supposed to involve burbling the plane along the runway to see how it would taxi, given its unconventional landing gear.

But its glider-like wings produced so much lift that it took off anyway.

Unexpectedly, in fact.

The year was 1955.