
dogma1138 parent
Seriously every vulnerability will have its own cool name and a website now? Even this? Not a single vendor has classified this as even critical. Yes, like all security vulnerabilities it should be taken seriously, but when every clown out there goes all Heartbleed on you for every security vulnerability they find because it's the smart marketing move today, you stop taking them seriously, which in the end is counterproductive to this whole "raising awareness" BS they are trying to do...

AgentME
A VM escape vulnerability is pretty serious as vulnerabilities go!
dogma1138 OP
I don't disagree, however with no actual exploit (in the wild or POC according to RH), no confirmation of the ability to execute code on the actual host, so yes important but doesn't really justify the whole name and landing page ordeal.

Not because it's not important, but because it just desensitizes the whole impact of vulnerabilities the caliber of Heartbleed or Shellshock which did affect a large chunk of the servers and machines connected to the internet at the time.

Now they claim it's bigger than Heartbleed, but with no exploit, and no clear statement on what actual in-use implementations are affected. Amazon has already come out saying that VENOM has never affected their implementation of Xen; if Digital Ocean and Rackspace come out with the same statement, it just makes this whole "bigger than HB" stance silly.

And as far as the corporate/enterprise world goes, well, VMware, Cisco, and MSFT hypervisors have a much bigger share out there and their hypervisors are not affected, so again not much of a bite there.

DINKDINK
>Seriously every vulnerability will have its own cool name and a website now?

Is your argument that awareness of this issue would have been better if there wasn't a cool name and website?

dogma1138 OP
My argument is that raising awareness needs to be done in a tasteful manner, not spreading panic and using pop culture references.

VIRTUALIZED ENVIRONMENT NEGLECTED OPERATIONS MANIPULATION VENOM seriously, kinda reminds me of:

Ward: Strategic Homeland Intervention, Enforcement and Logistics Division.

Hill: And what does that mean to you?

Ward: It means someone really wanted our initials to spell out "SHIELD."

At least heartbleed and shellshock were kinda properly named, this one is a hell of a stretch.

Inb4 people start registering silly domains that can be used to spell out vulnerabilities.

CITRUS: Channel Insecure Transport Releases User Sessions

TBONE: Transmission Buffer Overflow Network Exploitation

BUTTER: Buffer Underrun Transactional Execution Relay

Let the parking wars begin!

jcox92
They need to sound way scarier than that, though.

BONECRUSH: Buffer Overrun Neatly Exceeds Current Reusable User Storage Hindrances

FACENEEDLE: Foreign Actors Can Execute Nefarious Executables, Even During Lockdown... Exploit

HELLSCREAM: Hack Exploiting Lazy Loading Standard Core Runtime Executables And Modules

reinhardt
Quick, someone propose a .vln or .vuln gTLD!
