Great interview. Without badgering, without being overly aggressive, @IanCutress exposes CTS-labs ... An excellent example of giving them enough rope. @linus_ltovalds is correct "It looks more like stock manipulation than a security advisory to me." https://twitter.com/anandtech/status/974429028026331138 …
The bugs are definitely worth a security advisory, and simply saying they require admin access doesn't mean they're useless or that you should ignore them. IMHO your take on this is very weird. Maybe read our blog again?
-
Dan: I'm absolutely not saying the bugs aren't real, or that they can be ignored. Nor am I saying the hype they is unique. But who issues an advisory with no CVE # like that? I'm saying over-hyped vuln + 24-hours notice to vendor + stock shorting scheme = something not right here
-
Most consumers run with admin privileges! (As do more than a few large organizations.) I.e., gain user access, have sufficient privileges to cause great harm. Claim of protection from admin (of a user box) is dodging the security issues, IMHO.