
The man who found the web's 'most dangerous' Internet security bug - yitchelle
http://www.theage.com.au/it-pro/security-it/stephane-chazelas-the-man-who-found-the-webs-most-dangerous-internet-security-bug-20140926-10mixr.html
======
userbinator
_He said he found the bug after reflecting on an earlier bug he found in Bash
a few months ago._

The majority of the article seems to be focusing on the effects after it was
found, but I would've liked more info on what lead him to discover the bug;
was he reading Bash source code looking for vulnerabilities, or something more
mundane? My current hypothesis is trying to debug a shell script that put '()
{' in an environment variable followed by some commands.

