Sloan the Serval@pawb.socialtoFurry Technologists@pawb.social•Raspberry Pi Used To Hijack Casino Card Shuffler
·
1 year agoThat's a bit unfortunate. The problem with trying to fix this in software is that it's only a matter of time until someone manages to get around the fix. And any hardware fix would require a redesign anyway unless it's an add-on module, but that could be unplugged.
If the vulnerability is part of a feature designed for niche use cases, then it's far safer than one that affects general use. I highly doubt most people are going to run virtual machines, plus the main target is server hosts that use VMs to run multiple servers of the same type on the same box. I might run a VM at some point in the future, but when I do I'll take steps to avoid any issues, like only enabling virtualization in the first place when I need it. Sure, that means I need to boot into the UEFI before and after every time I run a VM, but that's not an issue on the system I'd be running it on. And I'd rather have that inconvenience than have to worry about a vulnerability at all times.
In short, it's a matter of risk management.