“So did you know there’s a Windows version of Shellshock?” a coworker asked the other day.
“What, Cygwin’s bash?” I asked.
“No, in CMD.EXE.”
I thought for a second, back to some really nasty batch files I’ve seen that do goofy stuff with variables and parenthesis and other reserved characters. Suddenly it made sense. Those cryptic batch files are exploiting the command interpreter to do things that shouldn’t be done. Then I smiled.