Salted Hash has spent most of the day at DerbyCon learning, presenting and doing a marathon media training session for The Cavalry. Shellshock is bad, so was Heartbleed for that matter, but neither of them stack-up to SQL Injection. While the attack surface is massive, there’s only a single patch needed, that’s a good thing. Microsoft says that they will not patch the vulnerability. Microsoft told Kaspersky’s Threatpost last December that the XSS filter in Internet Explorer is only supposed to increase the cost of an attack.”]
Source: https://www.csoonline.com/article/2688404/salted-hash-live-from-derbycon-update-2.html