Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://mastodon.nzoss.nz/users/strypey/statuses/113346420052500799">Strypey (strypey@mastodon.nzoss.nz)'s status on Tuesday, 22-Oct-2024 01:47:07 JST</a><a href="https://mastodon.nzoss.nz/@strypey" title="strypey@mastodon.nzoss.nz"><img src="https://gnusocial.jp/avatar/4086-48-20250114044441.webp" width="48" height="48" alt="Strypey" style="position: absolute; left: 0; top: 0;">Strypey</a><div><a href="https://gnusocial.jp/notice/7533692" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/274913" title="feld@friedcheese.us">feld</a></li></ul></div></section><article><p><a href="https://friedcheese.us/users/feld">@feld</a> </p><p>&gt; How complicated is "they knew about the vulnerability for years, never documented it, never warned users, never fixed it" ?</p><p>Did you even read the page at the link you gave me?</p><p>It was documented. It was an edge case vulnerability that couldn't be made to work over a network. Even if it could, the data theoretically at risk of being exposed wasn't significant payload. It wasn't fixed because it was purely theoretical, not a production vulnerability of any significance.</p><p><a href="https://yuga.surf/users/vhns">@vhns</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/3846366#notice-7547776">In conversation</a><time datetime="2024-10-22T01:47:07+09:00" title="Tuesday, 22-Oct-2024 01:47:07 JST">about 8 months ago</time> <span>from <span><a href="https://mastodon.nzoss.nz/@strypey/113346420052500799" rel="external" title="Sent from mastodon.nzoss.nz via ActivityPub">mastodon.nzoss.nz</a></span></span><a href="https://mastodon.nzoss.nz/@strypey/113346420052500799">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Strypey (strypey@mastodon.nzoss.nz)'s status on Tuesday, 22-Oct-2024 01:47:07 JSTStrypey
in reply to
- Vitor Hugo
- feld
@feld
> How complicated is "they knew about the vulnerability for years, never documented it, never warned users, never fixed it" ?
Did you even read the page at the link you gave me?
It was documented. It was an edge case vulnerability that couldn't be made to work over a network. Even if it could, the data theoretically at risk of being exposed wasn't significant payload. It wasn't fixed because it was purely theoretical, not a production vulnerability of any significance.
@vhns
In conversationabout 8 months ago from mastodon.nzoss.nzpermalink

Public

Embed Notice

HTML Code

Corresponding Notice