Here’s the melody – click to sing along!
You remember Snapchat, it’s the smartphone app that became famous for letting you send saucy photos that save your blushes by self destructing…
…before it became famous for not actually doing that at all.
The potential immortality of SnapChat’s will-o’-the-wisps came home to roost in October’s inglorious Snappening.
And for your chance to win an exclusive, limited edition, Naked Security T-shirt, work out the answer to Paul Ducklin’s brain teaser below…
We need to know your email address so that we can contact you if you’ve won. When we contact you, we’ll need your T-shirt size, a delivery address and a contact number so we can ship your prize. We won’t use any of your personal details for anything other than this competition.
Entries close at 23:59 Pacific Standard Time (UTC-8) each day. Sophos staff, those professionally connected to the company, and their families, are welcome to submit answers for fun, but can’t win. T-shirt styles may vary from those depicted. Sophos’s decision is final, and so on. Please read our official competition terms and conditions.
What was Day 10’s answer?
Day 10 was about the age of the Shellshock bug in Bash, a command shell that is very widely used on Linux and BSD-based systems (including OS X).
Bash is occasionally found on Windows, too, deployed by developers for compatibility with UNIX/Linux build systems.
Usually, you start Bash and then feed it a script to execute.
Usually, when Bash is started on your server by some remotely-triggered action (such as a website visitor running a search), the script is carefully controlled to prevent sneaky user input from causing trouble.
But thanks to the Shellshock hole, you could trick Bash into running a cunningly-concealed command during start up, and then feed it an innocent looking script to cover your tracks.
Amazingly, this bug was introduced in August 1989, in Bash version 1.03.
To the nearest full year, therefore, the vulnerability was 25 years old.