tef1d ago

finding myself repeating "fuzzers are stochastic, with enough cpu time you will always find a bug, results are a usually demonstration of resources not algorithms"

like, hacking, along with spam and fraud are the sorts of activities where things only need to work 0.1% of the time to be successful

it isn't a demonstration of clever code or tooling but the uncompromising effectiveness of sheer brute force heh

Show threadPozorvlak
@tef dude, this is cope. What you say is all true, but they have (apparently) dramatically reduced the resources required to find and exploit vulnerabilities which resisted many rounds of previous investigation. This is a big deal.
Apr 8 at 1:50pmWeb
Show threadCassandrich1d ago
@pozorvlak @tef Sounds more like they've drastically subsidized the resources to push the narrative they want investors and corporate C suites to buy.
Show threadLars Marowsky-Brée 😷1d ago

@pozorvlak @tef I'd question they've "dramatically reduced" the resources, given that they've thrown a metric fuck ton of resources at the problem space.

But yes, they also have found very severe real issues and dismissing this as "any linter/fuzzer could have" is a bit of a cope - because they clearly _didn't_ in the past.

So the real world impact of this is, well, real.