Website and server security has taken many large blows this year, with 2 major software flaws and numerous very sophisticated attacks on some very large websites, every user on the web has been affected.
The average user may not even have been aware, but almost every website they were visiting, as well as their own computers at the start of this year were vulnerable to attack.
Anyone who knew about these bugs (which was not many and certain;y not public) could have very, very easily have access and control of many millions of systems.
This is a result of mistakes in code that had never been audited for security, simply because when it was written, server security was not what it is now, In the case of Shell Shock, this was in 1992, in our house we only had a computer so that ny mother could work on university assignments and it certainly was never connected to the internet!
This means that nearly every website I visited, logged in to or made a purchase from in my entire life was completely and utterly vulnerable.
That is a scary thought, but its been patched now so its better right? The answer is yes and no.
The web is littered with code that was written decades ago, which has never been security audited, and mistakes can be very easy to make. So make no mistake there are more big security flaws to be found, and also make no mistake that both sides of the fight are looking for them.
What we can take away from this is that the flaws are now being revealed. Many years too late, but isn't that better than never?