💾 Archived View for thrig.me › blog › 2023 › 05 › 18 › threat-axis.gmi captured on 2024-02-05 at 10:10:13. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2023-11-14)

-=-=-=-=-=-=-

Threat Axis

Sometimes one might see worries about the "Intel Management Engine" (or the AMD equivalent) which if exploited would give an attacker a flawless victory, sub-zero wins! Given various CVE and TLA some of these fears may have merit. However, these same ME-fearing folks may fire up a "heavyweight champion" web browser without thought, even though that browser has much higher odds of having multiple exploits, and is much more likely to access such exploits from the cornucopia of content in a modern web request. Get over here, geese, it's horn o' plenty time!

Humans are pretty bad at this sort of risk analysis; folks will oft fear to fly but have no trouble sitting in a car. Certainly if possible fly less (planes are still too noisy) and disable the management engine (why is the Clipper chip so hard to disable?) but it's more likely that cars and "heavyweight champion" browsers are where most of the risk is.

Oddly, this society is pretty much setup to mandate the use of cars and browsers by way of development patterns. (And planes, and management engines...)