|
|
Log in / Subscribe / Register

A different threat model

A different threat model

Posted Mar 3, 2026 16:02 UTC (Tue) by tux3 (subscriber, #101245)
In reply to: A different threat model by pizza
Parent article: Garrett: To update blobs or not to update blobs

It's relevant that these vulns tend to be local privesc from root to CPU firmware. But any important data I have is in home anyways (XKCD 1200. There's always a relevant XKCD!).
If I'm a bad actor, I will do supply chain attacks against $PACKAGE_MANAGER and watering hole exploits in Firefox long before considering setting up a rootkit via microcode.

to post comments

A different threat model

Posted Mar 3, 2026 16:33 UTC (Tue) by amw (subscriber, #29081) [Link]

Here's the link to save everyone having to do the search: https://xkcd.com/1200/

A different threat model

Posted Mar 3, 2026 17:12 UTC (Tue) by MortenSickel (subscriber, #3238) [Link]

In fact, this time there are two xkcds: https://xkcd.com/538/


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds