Well, Garak, as usual, you seem to be the first one with good commentary instead of silly personal attacks. As usual, you are my favorite Linux person here. Or I guess I could say you are my only favorite Linux person.
I agree that the media often does not know much about anything, although it depends on what media you are talking about. There are some media outlets that know a lot about computers and computer technology and they have commented on Shellshock and Heartbleed and the Bugzilla bug also. You have to realize that SANS has talked about this Shellshock vulnerability. That means something. And the general media is getting information from various computer security experts and computer security firms.
And of course Kaspersky is making a lot of money selling antivirus software. But I think you are probably willing to agree that Kaspersky is one of the very best antivirus companies out there. So I think what their experts have to say means something. On the other hand, I heard about Kaspersky's own servers being attacked twice. And apparently they were using open source software for their servers (Linux, I guess). That looks a little bad if a security companies own servers get attacked.
Too many experts however are saying that this Shellshock is very serious. And I do not share your confidence that all servers on the internet are going to be updated immediately. In fact, they are even having problems with the updates. There is some evidence that the updates do not cover the entire problems. For example, some people are saying that Apple's updates covered only two out of three issues. And more vulnerabilities are being located. Kaspersky people talked about that. And Yahoo talked about a vulnerability other than the Bash (Shellshock) vulnerability. In the case of Heartbleed six months after Heartbleed had been discovered there were many, many servers that had not been updated. Including many servers of major companies.
You know I don't care much about open source software and Linux. But something like maybe 66% of the servers on the internet are Linux servers. So anybody who uses the internet has to be concerned about the security of those servers. I may not especially like Linux, but I want those Linux servers to be secure. It is in my interest that they are secure. It is in everybody's interest that they are secure. I am going to include a few sources of information you might be interested in.
And thanks for being a gentleman and not a jerk, and thanks for being willing to discuss things instead of attacking somebody personally.
http://www.stuff.co.nz/technology/digita...h-internet.html
ech.mit.edu/V134/N41/shellshock.html
ww.newsfactor.com/news/1%20Billion%20Attacks%20Hit%20Shellshock%20Flaw/story.xhtml?story_id=01000147BK84
http://www.programmableweb.com/news/shel...rnet/2014/09/30
https://www.us-cert.gov/ncas/current-act...n-Vulnerability
I had problems getting the source from SANS.