-
-
Replying to @artem_i_baranov
Qualifying submissions have to work behind NAT and only be in the "database update channel"? That does not sound very realistic. It seems like offering $1M to hack a car remotely *but* must be through tires, no other attack qualifies.
5 replies 17 retweets 55 likes -
Replying to @taviso
Hardest and profitable attack vector - wormable, pwn the product w/o any user interactions.
1 reply 0 retweets 2 likes -
Replying to @artem_i_baranov
A vulnerability in the scan engine can be triggered via email. Remote, wormable, and no user interaction required. That would be realistic, I've found and exploited dozens.
2 replies 0 retweets 41 likes -
Replying to @taviso
I. e. this is not wormable vector, because you should run app or web browser to see email. :)
2 replies 0 retweets 0 likes
You're wrong on this Artem, "wormable" does not mean "identical to morris worm", it means self-propagating. Clearly an Outlook 0day, for example, would be wormable by any reasonable definition.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.