*This article was initially a so.cl post but I decided to move it here.
Hertzbleed definitely looks like the latest entry in the security racket, it always goes the same way:
- Find some unremarkable side channel. Bonus points if it’s something that’s always been known but nobody cared about (Spectre, BadUSB).
- Try your luck with the USENIX reviewers. After enough attempts, you’ll probably get lucky enough when you get a dumb enough panel to accept your quite unremarkable paper.
- As soon as you get the acceptance notice, buy a custom domain and hire a graphic designer (or five, preferably Jony Ive being one of them) for a “cool” logo.
- Hype the absolute fuck out of your “vulnerability”, contact every tech “journalist” who is a Reddit expert with no actual security experience but is good friend with Tim Mitnick. Or Kevin James, I think. One of them is a really good actor and the other one is Kevin James.
- With the clout from the exposure, get paid $500k/year doing “security” at Google or Metabook. Extra bonus points if you move to Berlin.
- Alternative final step: take VC cash for a startup, and sell the “fix” to the non-problem you invented in the first place. Move to Frisco and bask in your glory. Become Paul Graham’s bitch.
And there you have it, the next *bleed “vulnerability”.