With my vulnerability report being picked up, it's fascinating to watch journalists play the game of broken telephone. Very few publications base their reporting on my post; most copy other news publications, often without proper attribution and with added mistakes.


I think the crown so far goes to androidrookies.com/bitdefender which is a confusing mix of Wikipedia info, my article and bleepingcomputer.com/news/secu without any of the sources named. Some of my statements are marked as quotes, others are simply part of the text. And parts are just weird.


gbhackers.com/vulnerability-in on the other hand appears to be based on my blog post and the Bitdefender announcement only. But it somehow manages to misattribute my statements to Bitdefender while also mangling my other statements in an attempt to avoid placing them in quotation marks.

By the way, most articles just copying bleepingcomputer.com/news/secu can be easily spotted because they perpetuate a mistake: the generally well-written article calls certificate warning pages "HSTS warnings," mixing up different concepts.

theregister.com/2020/06/24/bit got thoroughly confused by the Bitdefender announcement claiming that the vulnerability resides in the SAFEPAY browser. No, a malicious website doesn't need to be opened in this browser; the exploit works from any browser, as my post clearly states.

The author of softzone.es/noticias/seguridad translated the BleepingComputer article into Spanish, carefully removing all image and discovery attribution in the process. When I pointed this out, he at least added a link to my blog post.

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.