You said measures kiddies wasn’t useful.
-
-
Replying to @dwizzzleMSFT
I meant isn't useful in this context - how many kiddies there are doesn't have any relationship to how bad things would have been if we didn't invest the effort into cleaning up rowhammer, but the instrumentation only measures how many kiddies there are.
1 reply 0 retweets 6 likes -
Replying to @taviso @dwizzzleMSFT
Give me a guesstimate how much it would cost to turn speckhammer into a profitable professional azure compromise - $1M? You need staff, dev, ops, etc and it's risky. But once you patched it, seems really hard to recoup that. Instrumentation only measures opportunistic attempts.
1 reply 0 retweets 2 likes -
Replying to @taviso
agree measurement has tons of limitations and also agree with costs. So let’s not measure anything?
1 reply 0 retweets 0 likes -
Replying to @dwizzzleMSFT
I want the data as much as you do, I just don't see how to get it. Is the popemobile useless because nobody has tried to shoot it? No, that doesn't prove the threat was overblown, if it wasn't there, someone could have tried...right?
2 replies 0 retweets 5 likes -
Replying to @taviso
If you think I’m arguing for not patching, I’m not. I’m saying it is clear not everyone is going to do everything and there will be some prioritization in defense. Seems like investing in research in this space is a good idea to help. I don’t believe partial data is worthless.
1 reply 0 retweets 0 likes -
Replying to @dwizzzleMSFT
No, I think you're arguing that there is some relationship between existence of targeted attacks and prevalence of opportunistic attacks. Is that accurate?
1 reply 0 retweets 2 likes -
Replying to @taviso
No I’m just saying data on opportunistic attack’s is useful.
1 reply 0 retweets 0 likes -
Replying to @dwizzzleMSFT
Well, we agree on that. I don't think it would tell us anything about whether a vuln would have been used in targeted attacks though, that's not what you're interested in?
1 reply 0 retweets 1 like -
Replying to @taviso
I’m interested as hell, I don’t know how to do it for all the good reason you listed.
1 reply 0 retweets 0 likes
Hmm okay. I guess it just sounded like you were calling for action. Everyone surely agrees data would be nice, but it can't exist. Even if we were to find some way to survey attackers, it's in their interest to lie and divert resources away haha.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.