Yes, you are right, we should be careful with our language here. It is disabled by default in the sense that the OEM would have to enable it in order for the exploit to be effective. However, since it appears that sometimes the OEMs have been enabling this feature before shipping to consumers, from the consumer standpoint it would appear to be enabled by default.
Just a matter of perspective, I guess, but yeah, it's very important to be clear here.
The point is that this is not an "exploit in x86". If a lot of Linux admins make their root password "12345" and expose their systems to SSH and you log in to their accounts, you haven't found "an exploit in Linux".