I boosted several posts about this already, but since people keep asking if I've seen it....

MITRE has announced that its funding for the Common Vulnerabilities and Exposures (CVE) program and related programs, including the Common Weakness Enumeration Program, will expire on April 16. The CVE database is critical for anyone doing vulnerability management or security research, and for a whole lot of other uses. There isn't really anyone else left who does this, and it's typically been work that is paid for and supported by the US government, which is a major consumer of this information, btw.

I reached out to MITRE, and they confirmed it is for real. Here is the contract, which is through the Department of Homeland Security, and has been renewed annually on the 16th or 17th of April.

https://www.usaspending.gov/award/CONT_AWD_70RCSJ23FR0000015_7001_70RSAT20D00000001_7001

MITRE's CVE database is likely going offline tomorrow. They have told me that for now, historical CVE records will be available at GitHub, https://github.com/CVEProject

Yosry Barsoum, vice president and director at MITRE's Center for Securing the Homeland, said:

“On Wednesday, April 16, 2025, funding for MITRE to develop, operate, and modernize the Common Vulnerabilities and Exposures (CVE®) Program and related programs, such as the Common Weakness Enumeration (CWE™) Program, will expire. The government continues to make considerable efforts to support MITRE’s role in the program and MITRE remains committed to CVE as a global resource.”


It's worth asking again who would benefit from taking CVE offline? Surely not the United States government, nor its private companies. Not its allies (such as they are now) in Europe. But it almost certainly would help our adversaries, like China and Russia, because confusion and uncertainty works to their advantage always.
Probably the last CVE indexed before it goes dark should be CVE-2025-DOGE (critical, local privilege escalation vulnerability that leads to malicious code execution and data exfiltration).
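Since the post names the GitHub mirror as the fallback for historical records, here is an added example (not from the post, and not CVEProject code) of reading a record offline in the CVE JSON 5.x layout that the mirror publishes. The sample record, its placeholder ID and the field layout are constructed assumptions for illustration; rejected or partial records have no `affected` or `metrics` data, so every lookup tolerates a missing field.

```python
import json
import re

# CVE identifier syntax: four-digit year, then four or more digits.
CVE_ID_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")

# Constructed sample in the CVE JSON 5.x shape (assumed layout of the
# cvelistV5 mirror). The ID is a placeholder, not a real CVE.
SAMPLE_RECORD = json.dumps({
    "dataType": "CVE_RECORD",
    "dataVersion": "5.0",
    "cveMetadata": {"cveId": "CVE-1900-0001", "state": "PUBLISHED"},
    "containers": {"cna": {
        "descriptions": [{"lang": "en", "value": "Constructed sample record."}],
        "affected": [{"vendor": "ExampleVendor", "product": "ExampleProduct",
                      "versions": [{"version": "1.0", "status": "affected"},
                                   {"version": "1.1", "status": "unaffected"}]}],
        "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-79",
                                            "description": "XSS"}]}],
        "metrics": [{"cvssV3_1": {"baseScore": 6.1, "baseSeverity": "MEDIUM",
                                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}}],
    }},
})

# Constructed rejected record: no affected products, no metrics.
REJECTED_RECORD = json.dumps({
    "dataType": "CVE_RECORD",
    "dataVersion": "5.0",
    "cveMetadata": {"cveId": "CVE-1900-0002", "state": "REJECTED"},
    "containers": {"cna": {"rejectedReasons": [{"lang": "en", "value": "Duplicate."}]}},
})


def parse_cve_record(raw: str) -> dict:
    """Reduce one CVE 5.x JSON record to the fields a triage pipeline needs.

    Validates the ID syntax, then pulls description, affected versions,
    CWE IDs and the highest CVSS base score present (any cvssV3_x key).
    """
    rec = json.loads(raw)
    if rec.get("dataType") != "CVE_RECORD":
        raise ValueError("not a CVE record")
    meta = rec.get("cveMetadata", {})
    cve_id = meta.get("cveId", "")
    if not CVE_ID_RE.match(cve_id):
        raise ValueError(f"malformed CVE ID: {cve_id!r}")
    cna = rec.get("containers", {}).get("cna", {})

    description = next((d["value"] for d in cna.get("descriptions", [])
                        if d.get("lang", "").startswith("en")), "")

    # Only versions explicitly marked affected count; "unaffected" entries are noise.
    affected = [(a.get("vendor"), a.get("product"), v.get("version"))
                for a in cna.get("affected", [])
                for v in a.get("versions", []) if v.get("status") == "affected"]

    cwes = sorted({d["cweId"] for pt in cna.get("problemTypes", [])
                   for d in pt.get("descriptions", []) if "cweId" in d})

    # A record may carry several metric blocks; keep the worst base score.
    scores = [m[k]["baseScore"] for m in cna.get("metrics", [])
              for k in m if k.startswith("cvssV3") and "baseScore" in m[k]]

    return {
        "id": cve_id,
        "state": meta.get("state"),
        "description": description,
        "affected": affected,
        "cwes": cwes,
        "max_cvss": max(scores) if scores else None,
    }


if __name__ == "__main__":
    for raw in (SAMPLE_RECORD, REJECTED_RECORD):
        print(parse_cve_record(raw))
```

The `max_cvss` of `None` for the rejected record is deliberate: a pipeline that defaulted it to 0.0 would silently rank rejected and unscored records as harmless, which is exactly the kind of confusion a mirror-only world invites.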
@briankrebs uh what? CVEs are only made for software programs and hardware, right? I'd have to check the CVSS scoring system, but I think they're only made for software and hardware, unless dogecoin is still around and there is a vulnerability in its code
@adisonverlice @briankrebs DOGE most certainly qualifies as a cybersecurity vulnerability.
@TheRealPomax CVSS will not rate it because it is not software or hardware.
CVE and CVSS (as stated in another reply) only work on software and hardware in computer systems.
DOGE is a *government agency*, not a *processor*, a *piece of code and/or software*, nor is it a *programming language* or any sort of software.
So CVSS wouldn't rate it. If CVE were different in that it did, say, rate government agencies, then I would agree. But I don't, because CVSS and CVE only apply to software and hardware.
@adisonverlice Do... you not know who Brian is? Did you completely miss the part where this is a grim joke based on current events by one of the most well known names in cyber security reporting?
@TheRealPomax the only way I know it is a joke is if it is placed in a content warning.
Also, yes, I know who Brian is; I've emailed him and communicated with him personally before. Respectable guy, definitely, but he should've put things in a content warning saying something like "joke" or "cybersecurity joke", so that it is obvious.

@adisonverlice Jokes don't need to be "funny haha it's just a joke, it's not serious", they can also be incredibly serious and harshly confrontational social commentary about how the US is getting dismantled at the moment and DOGE is at the forefront of that effort in the digital space.

This was one of those.

@TheRealPomax still, would've been nice to have a content warning. Something like "partial joke, partial reality" would've been good too. When I make jokes, I will often have a content warning, even if it has some reality to it.
@TheRealPomax what I will agree with is that, yes, DOGE doesn't seem to have their cybersecurity straight. Boy, cyberattacks may happen for 4 more years.
Still, if a joke is to be made, there should be a content warning so we know it's a joke, or even partially a joke.
Otherwise, I'm going to take it as if he meant it and I will start fact-checking. And no, I am not an AI, so I don't randomly ban people just for false facts or wish them to be banned, but I will certainly call them out.

@adisonverlice Didn't think you were, but I do think you're unfamiliar with how social commentary works, and misunderstood what was being said and why.

The worst thing language can do is only ever be literal, there's context and nuance, and if that's not understood, that's not something to demand people hide.

Language is a rich thing, literal interpretation only gets you so far.

@TheRealPomax not everyone, especially myself, can easily distinguish joke from reality, unless it is super obvious there is some joke and some reality. And I don't think a content warning hides it; it just makes it obvious to the reader so they know what they're getting into.
Either way, I can agree with Brian's statement that if this continues, we are definitely fucked. We really need to look at how the government is doing cybersecurity. I know we don't have the time to make our own civilian-run government inside the US, but still, things should be investigated.
@adisonverlice
Ah, no need to argue, it's just https://en.m.wikipedia.org/wiki/Poe's_law at work hehe. Misunderstandings happen and I can e.g. mark it as /s to be more obvious, but well, now you know. (btw, I don't want to claim anything, and no offense, but I know people who would likely say they are autistic who don't understand this, and this is totally fine! Because respecting their needs is good.)