The security racket

Thursday, June 16, 2022

*This article was initially a so.cl post but I decided to move it here.

Hertzbleed definitely looks like the latest entry in the security racket. It always goes the same way:

  • Find some unremarkable side channel. Bonus points if it’s something that’s always been known but nobody cared about (Spectre, BadUSB).
  • Try your luck with the USENIX reviewers. After enough attempts, you’ll probably get lucky and land a panel dumb enough to accept your quite unremarkable paper.
  • As soon as you get the acceptance notice, buy a custom domain and hire a graphic designer (or five, preferably Jony Ive being one of them) for a “cool” logo.
  • Hype the absolute fuck out of your “vulnerability” and contact every tech “journalist” who is a Reddit expert with no actual security experience but is good friends with Tim Mitnick. Or Kevin James, I think. One of them is a really good actor and the other one is Kevin James.
  • With the clout from the exposure, get paid $500k/year doing “security” at Google or Metabook. Extra bonus points if you move to Berlin.
  • Alternative final step: take VC cash for a startup, and sell the “fix” to the non-problem you invented in the first place. Move to Frisco and bask in your glory. Become Paul Graham’s bitch.

And there you have it, the next *bleed “vulnerability”.