I'm not seeing anything new that wasn't already presented by researchers at @BlackHatEvents 2007-2012 or released in public jailbreaks.
-
-
-
Why doesn't everyone just assume that multiple parties build attack tools based on clearly useful public research and freely released tools?
-
Even before researchers demonstrate an attack is feasible, defenders should be thinking about how to detect attacks known to be possible.
-
Security boundaries can be crossed. Mutable state can be mutated. Unauthenticated code can be unauthentic. That's just how computers work.
-
The interesting bits are how it's easier than expected. Like reflashing the ROM on GigE->TB adapter to run code pre-boot. Nice one,
@snare! - 1 more reply
New conversation -
-
-
The public is not consuming that info though and they are taken by surprise when those things surface.
-
True, BlackHat talks typically make the trade press, but rarely into mainstream.
End of conversation
New conversation -
-
-
Said the thing about the CIA tools leak a day after they dropped.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Also, a good portion of infosec people are simply focused on the tech side and forget that attacks can be used in diff contexts
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.