Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/alwayscurious/statuses/114593281424580877">Demi Marie Obenour (alwayscurious@infosec.exchange)'s status on Friday, 30-May-2025 08:30:15 JST</a><a href="https://infosec.exchange/@alwayscurious" title="alwayscurious@infosec.exchange"><img src="https://gnusocial.jp/theme/gnusocialjp/default-avatar-stream.png" width="48" height="48" alt="Demi Marie Obenour" style="position: absolute; left: 0; top: 0;">Demi Marie Obenour</a><div><a href="https://hachyderm.io/@dalias/114592484954840595" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/275421" title="froge@social.glitched.systems">CyberFrog</a></li><li><a href="https://gnusocial.jp/user/320612" title="sparklepanic@infosec.exchange">Raven (she/they)  🏳️‍⚧️</a></li></ul></div></section><article><p><a href="https://hachyderm.io/@dalias" rel="nofollow">@dalias</a> <a href="https://social.glitched.systems/@froge" rel="nofollow">@froge</a> <a href="https://infosec.exchange/@sparklepanic">@sparklepanic</a> WireGuard is absolutely attack surface: it deals with untrusted packets from the network and performs cryptographic operations.  What software are you thinking of that is not attack surface?</p><p>Yes, vulnerabilities can be in a subset of functionality that can be disabled, but what fraction of users are going to actually disable the functionality?  You might, and I might, but the vast majority of people won’t.  That’s why the push is to get people to upgrade: for 99+% of people, it’s the right thing to do.  You and I are not a representative sample of users.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/5118510#notice-10047242">In conversation</a><time datetime="2025-05-30T08:30:15+09:00" title="Friday, 30-May-2025 08:30:15 JST">about 8 days ago</time> <span>from <span><a href="https://infosec.exchange/@alwayscurious/114593281424580877" rel="external" title="Sent from infosec.exchange via ActivityPub">infosec.exchange</a></span></span><a href="https://infosec.exchange/@alwayscurious/114593281424580877">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Demi Marie Obenour (alwayscurious@infosec.exchange)'s status on Friday, 30-May-2025 08:30:15 JSTDemi Marie Obenour
in reply to
@dalias @froge @sparklepanic WireGuard is absolutely attack surface: it deals with untrusted packets from the network and performs cryptographic operations. What software are you thinking of that is not attack surface?
Yes, vulnerabilities can be in a subset of functionality that can be disabled, but what fraction of users are going to actually disable the functionality? You might, and I might, but the vast majority of people won’t. That’s why the push is to get people to upgrade: for 99+% of people, it’s the right thing to do. You and I are not a representative sample of users.
In conversationabout 8 days ago from infosec.exchangepermalink

Public

Embed Notice

HTML Code

Corresponding Notice