This means I can file a CVE for every single iOS and Android device now, right? "Secure boot can be bypassed with a FIB workstation to gain full root access" People applying for dumb meaningless CVEs outside reasonable threat models just make the security industry look bad.https://twitter.com/erincandescent/status/1251872738270220290 …
-
I mean, this is what happens when CVEs turn into clout/a resume. Can't wait until they become meaningless, like the whole wave of well-marketed exploits that didn't amount to much in the end just diluting people's attention on that whole segment of things.
There was this article the other day about data exfiltration using PC fans. Clickbaited as "stealing data from airgapped computers". Same team had like 3 dozen other papers with various vectors. Without reading it, I came up with most of the ideas in a Reddit comment.
-
-
Like apparently there's this team of researchers whose entire output is variations on "we can write malware that blinks the HDD led and sends information that way".
-
Heh. While there are some valid variations on that (like that things where some switches used to actually blink packets out, which isn't something you'd find immediately obvious) I feel like the next big things is going to be hammering realistic threat models back into people.
- Show replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.