What's new

News TikTag unfixable Arm vulnerability

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Tiktag unfixable arm vulnerability.

No - just disable the feature for ARMv8.5A - which this is a specific feature...

 
No - just disable the feature for ARMv8.5A - which this is a specific feature...


The title is just quoting the video.
 
everything is end of the world these days
And many security experts are masterclickbaiters. A lot of them publish incomplete, sometimes out of date information, and push it as if they had just discovered the Holy Grail... I remember a few years ago one of them published a long article about a few CVEs present in Asus routers. His article failed to disclose that all mentionned CVEs were already fixed 6+ months ago.

Linus Torvalds had a few choice words about them a few years ago, and I totally agreed with his opinion back then.
 
CVEs were already fixed 6+ months ago

Would you be happier if the information published was current with not yet fixed firmware? I strongly believe most of this information is presented after the issue was fixed, no? Otherwise it won't be just educational, but instructions how to exploit the vulnerability.
 
And many security experts are masterclickbaiters. A lot of them publish incomplete, sometimes out of date information, and push it as if they had just discovered the Holy Grail... I remember a few years ago one of them published a long article about a few CVEs present in Asus routers. His article failed to disclose that all mentionned CVEs were already fixed 6+ months ago.

Correct - and sometimes these "disclosures" are suspect in other ways - I recall a couple of years back on a set of items for the AMD Zen platform that was a bit suspicious and coupled to trading in AMD stock (short sellers)...
 
Would you be happier if the information published was current with not yet fixed firmware? I strongly believe most of this information is presented after the issue was fixed, no? Otherwise it won't be just educational, but instructions how to exploit the vulnerability.
If you publish the information 2 weeks after the issue was fixed and nobody knows yet that it was fixed, then you are doing a service.

If you publish the information 6-12 months after it was fixed and already announced in the changelogs published 12 months ago that it was fixed AND you don't even mention in your article that it was already fixed, generating unnecessary panic, then you are clickbaiting.
 
I agree clickbate is a problem. With this post I just couldn’t be bothered to deep dive into the details, but it was recent enough to post.

Figured the research paper would be sufficient to those that this matters to, and the video would help those with limited background in arm/Linux to understand the problem a little better.
 

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Staff online

Top