top | item 15042787

(no title)

mrmagooey | 8 years ago

> If there's a serious vulnerability that actually needs your attention, you will read about it in the news

The ol' security through tech press approach. Seriously though, you can't have the security of your devices dependent on whether or not someone has come up with a catchy name for their exploit. The exploits with names like broadpwn and stagefright are the exceptions, not the rules, there are plenty of critical CVE's that have never had cool names or tech articles written about them. Even if an exploit has a cool name and some press, what if people don't upvote it when it gets posted here (or reddit/wherever)?

discuss

throwaway613834|8 years ago

You seem to think that a security hole being "critical" implies you need to care about it. You do not. You only need to care about actual threats, not mere security holes. A "critical" CVE that nobody exploits is pretty darn pointless to worry about, just like how the fact that cellular communication is plaintext isn't really tickling too many people because the average criminal isn't using a Stingray. And an expoit that becomes widespread will get the press attention, precisely because people will want to know about it. (Unless you're the kind of person who's always one of the first few to catch a virus, in which case either you're a security researcher, or you're looking for trouble, or you're hanging out on the wrong networks...)

ryanlol|8 years ago

>And an expoit that becomes widespread will get the press attention, precisely because people will want to know about it.

As you're clearly entirely clueless about security, how do you know this?

If you primarily get your security news via the press, how do you know that they aren't simply missing most things?