With my vulnerability report being picked up, it's fascinating to watch journalists play the game of broken telephone. Very few publications base their reporting on my post; most copy other news publications, often without proper attribution and with added mistakes.

on the other hand appears to be based on my blog post and the Bitdefender announcement only. But it somehow manages to misattribute my statements to Bitdefender while also mangling my other statements in an attempt to avoid placing them in quotation marks.


By the way, most articles that are just copying can be easily spotted because they perpetuate a mistake: the generally well-written article calls certificate warning pages "HSTS warnings," mixing up different concepts.

got thoroughly confused by the Bitdefender announcement claiming that the vulnerability resides in the SAFEPAY browser. No, a malicious website doesn't need to be opened in this browser; the exploit works from any browser, as my post clearly states.


The author of translated the BleepingComputer article into Spanish, carefully removing all image and discovery attribution in the process. When I pointed this out, he at least added a link to my blog post.

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.