Is the internet on fire?

This page provides a bit of a log of when and why the internet was on fire. Note: a lot more stuff broke on any given day than listed here.

2022-07-06: Java string interpolation -> RCE. Again.

Apache Commons Configuration 2.4 - 2.7 allows string interpolation including lookups such as "${script:expression}", "${dns:record}", and "${url:url}" as well as, of course, "${sys:property}" and "${env:var}".

Oh, also, there's an RCE in OpenSSL:

2022-03-07: Dirty Pipes considered harmful: Local privilege escalation by overwriting any file, regardless of permissions, file attributes, or even read-only mounts.

Trivial privilege escalation vulnerability via polkit/pkexec:
2022-01-25: pwnkit make me a sandwich: Trivial privilege escalation vulnerability via polkit/pkexec:
2022-01-12: Patch Tuesday
2021-12-10: log4j aka log4shell aka ${jndi:ldap://YES/🔥}
2022-09-14: Pegasus don't click!

2021-07-05: REvil: Ransomware As A Service
2021-06-09: ALPACA: Application Layer Protocol Confusion
2020-12-14: SUNBURST, when CoyzBear brings the SolarWinds of Change to Orion.
2020-02-07: CDPwn Layer 2 RCEs
2019-12-11: PlunderVolt
2019-11-13: TPM-FAIL
2019-06-06: The Return of the WIZard
2019-05-14: What is dead may never die.
2018-08-14: Speculatively, yes.
2018-05-14: EFAIL
2018-03-20: You get a branded vuln, you get a branded vuln, everybody gets a branded vuln! (And they're all uppercase, too!)

2018-01-03: KPTI ain't nuttin' to FUCKWIT

2017-12-12: ROBOT strikes back

2017-11-28: Think differently: click to root

2017-10-16: KRACK Attack, Jack!

2017-09-27: PIEClash in your face!

2017-06-27: Petya makes you WannaCry. Again.

2017-06-19: Smash and grab.
It's that kind of world.
2017-05-12: WannaCry?
2017-05-09: Quis custodiet ipsos custodes?
Turns out it's @natashenka and @taviso.

2017-05-01: Snootchie Bootchies! (Silent Bob is silent.)

2017-04-27: Now Playing: Ghostscript in the Shell

2017-02-23: SHA1 shattered; Cloud flarse.

2016-10-21: Dat Dyn DNS DDoS, Dudettes!

2016-09-22: Only if you're Brian Krebs...

2016-07-18: Why Won't Anybody Think Of the Environment?

2016-05-05: Make ImageMagick Great Again

2016-05-03: Pfft, not even a logo.

2016-04-29: Possibly.

2016-03-01: Yep.

2016-02-27: Probably.

2016-02-16: Got addr info?
Good thing so few systems use getaddrinfo(3).
2016-01-14: Only if you're roaming

2015-12-18: Nope. Nothing to see here.

2015-12-08: 'tis the season.
Your early December triple crown:

2015-11-14: Only cat pics.

2015-10-29: Smoking clouds.

2015-10-14: Probably.

2015-09-02: /etc/hosts FTW

2015-07-28: /etc/hosts FTW

2015-06-09: No more than usual.

2015-06-06: Probably.

2015-05-20: Logjammed!

2015-05-13: Virtually poisoned.

2015-04-30: Round up the usual suspects.

2015-04-30: BACKRONYM!!1!

2015-04-21: WordPress, amirite?

2015-04-14: patch tuesday sparks.

2015-04-08: Not more than usual.

2015-03-26: Mazel Tov.

2015-03-19: Minor flames.

2015-03-10: Rowhammer goes SMASH.

2015-03-03: Getting FREAKy.

2015-02-27: Only the cloud.

2015-02-25: Welp, yeah. Ish.

2015-02-19: Yup.

2015-02-02: Does a bear shit in the woods?

2015-01-27: Boo!

2015-01-22: Yo.

2015-01-08: Same.
OpenSSL Security Advisory

2015-01-07: Flaring up.
2014-12-17: Errday.
2014-11-21: Errday.
2014-11-11: Yes.
2014-10-30: Not more than usual.
2014-10-29: Still burning.
2014-10-15: Yes. Again.
2014-10-13: not more than usual
2014-10-02: still burning
2014-09-30: still burning
2014-09-24: yep
2014-06-05: a bit more than usual
2014-04-07: yep
Made by @jschauma. See other Signs of Triviality.