
A different threat model

Posted Mar 3, 2026 15:58 UTC (Tue) by pizza (subscriber, #46)
In reply to: A different threat model by tux3
Parent article: Garrett: To update blobs or not to update blobs

> because maybe I will get to be the threat in the threat model and run my own code on the CPU

...while also enabling other bad actors to do the same.


A different threat model

Posted Mar 3, 2026 16:02 UTC (Tue) by tux3 (subscriber, #101245)

It's relevant that these vulns tend to be local privesc from root to CPU firmware. But any important data I have is in home anyways (XKCD 1200. There's always a relevant XKCD!).
If I'm a bad actor, I will do supply chain attacks against $PACKAGE_MANAGER and watering hole exploits in Firefox long before considering setting up a rootkit via microcode.

A different threat model

Posted Mar 3, 2026 16:33 UTC (Tue) by amw (subscriber, #29081)

Here's the link to save everyone having to do the search: https://xkcd.com/1200/

A different threat model

Posted Mar 3, 2026 17:12 UTC (Tue) by MortenSickel (subscriber, #3238)

In fact, this time there are two xkcds: https://xkcd.com/538/

