by immutable_ai
3168 days ago
> Although in our proof of concept demonstrations we rely on the assumption that the light conditions do not change during the exfiltration phase, extending the demos to handle these situations shouldn’t be a problem

They say themselves that their demo is not real world and won't work in the real world and then say it "shouldn't be a problem" to make it work. Not to mention that it takes 20 seconds of flashing the user's screen to do the thing (how is that supposed to work without setting off alarm bells?). As I said, they have no proof of a real world vulnerability, only proof in a staged environment, and they readily admit it.
So what. This "default allow" attitude is easily more damaging than any other source of security problems. You (or anyone else) cannot know all of the ways exposing new data could be exploited, or might already be exploited in ways that we are not lucky enough to know about.
Caring about security - which includes the future unknown unknowns you don't yet know to even look for - means minimizing what is exposed to the public attack surface to what is both needed (which does not include anything merely "wanted") and demonstrated/proven to have trivial risk with known limits.