• mranderson17@infosec.pub
    link
    fedilink
    arrow-up
    27
    ·
    9 months ago

    “An attacker would need to be able to coerce a system into booting from HTTP if it’s not already doing so, and either be in a position to run the HTTP server in question or MITM traffic to it,” - Matthew Garrett

    Summary left out a quite important bit.