COMMENTARY ON CVE-2020-0601: I have been speaking to several players on this on background and there are a few things they want to highlight / clarify based on the public discourse so far.
-
Show this thread
-
When NSA says CVE-2020-0601 enables Remote Code Execution, they mean that trusted communication channels like automatic update downloads and non-validated input between systems could be modified in-transit by a MitM, to cause RCE or other malevolent ends.
8 replies 66 retweets 317 likesShow this thread -
This vulnerability is not about a wormable global takedown of computers, but instead resourced attackers who own network transit points being able to modify communication streams at-will. Basically, nation-state APTs who routinely compromise foreign network infrastructure.
10 replies 76 retweets 358 likesShow this thread -
Replying to @SwiftOnSecurity
Stop saying nation-state you grammy-winning monster
3 replies 0 retweets 14 likes -
Replying to @Pinboard
I fully understand the linguistic objection and what that compound word means, but I’ve gotten feedback before that states wasn’t clear and not standard terminology. I’ll try to use another term.
2 replies 0 retweets 7 likes
Standard terminology in this field is full of acronyms and jargon that are far more opaque (one example is in your tweet itself). I appreciate the need to communicate clearly and your efforts to move in that direction!
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.