For as remarkably, devastatingly successful as the #moveit vulnerability/attack was, it's fascinating that the attention of our industry is drawn to things like Downfall and others.
@jerry I think some very technical people tend to talk more about technical issues that fascinate them instead of real practical security problems. These people usually also downplay the problems related to governance and management of security that are usually the main reasons for breaches, and not very technical security problems.
@jerry I think CPU architecture is magic to just about everyone, so taking advantage of that is always really interesting from a security point of view.
@jerry For some of us, things like Downfall offer an opportunity to learn something new and temporarily distract us from the never-ending work around things like MOVEit.
@jerry I think the industry and the media have way too many clowns that want things to be cool and sexy or they try to push some weird "vuln" that, if you read the paper, is overcomplicated and mostly a waste of time for most attackers.
@jerry I just checked Dark Reading to see if we fell prey to that, but 32 results for "moveit," all of which will be for the vuln, and 33 for "downfall," with no more than 5 or so that are clearly covering that attack instead of just being dramatic in language. Phew!