undefined | Better HN

0 pointstptacek3y ago0 comments

None of these vulnerabilities are "theoretical" (they're maybe a bit stale, is the worst you could say about them).

A reasonable first approximation would be that all writeups about new vulnerabilities are intended to drum up something, so that's just about the least interesting thing you could say about a post like this.

0 comments

bragr3y ago

Theoretical in the sense of actually existing in a widely deployed product such that it can't be responsibly disclosed.

tptacekOP3y ago

I have seen all of these vulnerabilities in widely-deployed products of varying sorts (this was my day job for many years). I don't know who these authors are, I'm just saying that the bugs aren't theoretical.

bragr3y ago

I'm not sure that we agree on what theoretical means. That these classes of bugs are probable does not make their existence in any particular software any less theoretical an in the absence of evidence. Which software? Which endpoint? Sample exploit? One example of a robot executing an unauthorized command? The authors do not say and only offer vague assertions and contrived examples.

j / k navigate · click thread line to collapse

0 comments

bragr3y ago

Theoretical in the sense of actually existing in a widely deployed product such that it can't be responsibly disclosed.

tptacekOP3y ago

bragr3y ago

j / k navigate · click thread line to collapse