Hacker News new | ask | show | jobs
by cookiengineer 36 days ago
If someone drops 5 confirmed ring 0 exploits/bypasses within 3 months and claims that they got a 6th one... why on earth would you doubt that the 6th one suddenly is fake?

Do you know how hard discovering even one of those is? And how many months of work it takes?
1 comments
aiscoming 36 days ago
this claim is in another galaxy, not your average 0-day
link
anonymars 35 days ago
One possibility is that in their test, TPM+Pin was added as an additional Key Protector, rather than replacing the TPM Key Protector
link
cookiengineer 34 days ago
We're talking about a company with a security culture where opening a text file in notepad.exe can lead to an RCE.

Assuming reasonable implementation standards at this point is the irrational assumption, not the rational one.

link