
This naming is very unfortunate, but hilarious to any Brits.


I think it’s on purpose. One of the authors is from Oxford after all...


>This naming is very unfortunate, but hilarious to any Brits.

The followup attack targets the "Bluetooth Asynchronous Low Latency Subsystem"


Very amusing, but definitely missing a trick on the Blue/KNOB combo.


Sorry for my ignorance. Can you explain the reference?


From the article 'Key Negotiation of Bluetooth'.

Basically, researchers started naming vulnerabilities when they thought they mattered. 'Shellshock' and 'EternalBlue' are both deserving of names, IMO.

Then researchers started naming everything; many of the vulnerabilities had zero real-world impact, were almost entirely theoretical (many crypto vulns), or required chaining of other attacks to actually achieve anything.

The KNoB description says 'is vulnerable to packet injection by an unauthenticated, adjacent attacker that could result in information disclosure and/or escalation of privileges.' which sounds extremely caveated. They haven't demonstrated an actual attack so my guess is they've overplayed the significance of the vulnerability entirely and this grants the ability to PITM traffic (which really isn't a defensible boundary, anyway).

Most decent hackers I know laugh at named vulnerabilities unless their technical impact actually matters. Dirty COW took the piss entirely, https://dirtycow.ninja, https://www.zazzle.com/collections/white_theme-1195879626504... .


I presume that the parent is referring to https://www.urbandictionary.com/define.php?term=Knob. Warning: NSFW text.


Calling someone a "knob" is a bit softer than calling someone a "dick", but they both refer to the same body part.



