<![CDATA[The CopyFail announcement and handling is one of the least defender-supporting I think I've ever seen.]]>The CopyFail announcement and handling is one of the least defender-supporting I think I've ever seen.

Mitigations were extremely thin at launch, and haven't improved much, and are even brittle and misleading:

https://infosec.exchange/@tychotithonus/116490466168316767

They've also largely neglected most of the value of the feedback they're getting from defenders clamoring for useful intel. The GitHub repo is full of feedback about which distros are affected or unaffected ... and a day later, none of it has been used to update the list of affected versions in the main README (except for the RHEL made-up version fix)

And this exchange is painful:

https://github.com/theori-io/copy-fail-CVE-2026-31431/issues/12

"None of us are RH people so it wasn't caught" 😐 You had weeks do basic vetting, or find someone who would help you.

Theori seems to have to have intended this to be a showcase for their product. Instead, it has convinced me that I will never buy anything from them.

Edit: Will Dorman goes into more detail here, 100% agreed:
https://infosec.exchange/@wdormann/116493725294723695

]]>https://board.circlewithadot.net/topic/2a08a5b5-5927-4541-88c8-984479011e07/the-copyfail-announcement-and-handling-is-one-of-the-least-defender-supporting-i-think-i-ve-ever-seen.RSS for NodeFri, 15 May 2026 06:46:11 GMTThu, 30 Apr 2026 13:38:24 GMT60<![CDATA[Reply to The CopyFail announcement and handling is one of the least defender-supporting I think I've ever seen. on Thu, 30 Apr 2026 14:59:59 GMT]]>@badsamurai @h2onolan @tychotithonus he may have brought drone doctrine to infosec but can he repeat to make it a pseudo biz model #.fail trick pony

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/gary_alderson/statuses/116494250800167710https://board.circlewithadot.net/post/https://infosec.exchange/users/gary_alderson/statuses/116494250800167710Thu, 30 Apr 2026 14:59:59 GMT<![CDATA[Reply to The CopyFail announcement and handling is one of the least defender-supporting I think I've ever seen. on Thu, 30 Apr 2026 14:54:15 GMT]]>@h2onolan @tychotithonus

  1. Find vuln
  2. Buy .fail domain
  3. Bask in admiration and VC $

Theori you need to figure out if you’re selling skateboards or doing real infosec.

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/badsamurai/statuses/116494228203434744https://board.circlewithadot.net/post/https://infosec.exchange/users/badsamurai/statuses/116494228203434744Thu, 30 Apr 2026 14:54:15 GMT<![CDATA[Reply to The CopyFail announcement and handling is one of the least defender-supporting I think I've ever seen. on Thu, 30 Apr 2026 14:20:46 GMT]]>@tychotithonus agree, I mean this thing is everywhere. For example i think checkpoint firewalls are even RHEL…

Alot of scenarios of exploatation is unlikely but I think we will see attack chains coming weeks where this plays a crucial role in successful compromise.

]]>https://board.circlewithadot.net/post/https://swecyb.com/users/meriksson/statuses/116494096573763476https://board.circlewithadot.net/post/https://swecyb.com/users/meriksson/statuses/116494096573763476Thu, 30 Apr 2026 14:20:46 GMT<![CDATA[Reply to The CopyFail announcement and handling is one of the least defender-supporting I think I've ever seen. on Thu, 30 Apr 2026 14:20:14 GMT]]>@tychotithonus Well said, all around. It seems like a loosey-goosey disclosure, with the highest emphasis on branding and generating hype.

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/scottwilson/statuses/116494094434309014https://board.circlewithadot.net/post/https://infosec.exchange/users/scottwilson/statuses/116494094434309014Thu, 30 Apr 2026 14:20:14 GMT<![CDATA[Reply to The CopyFail announcement and handling is one of the least defender-supporting I think I've ever seen. on Thu, 30 Apr 2026 13:52:30 GMT]]>@tychotithonus there should be a playbook in the IR plan for “we found an exciting bug, now what?”

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/h2onolan/statuses/116493985415989455https://board.circlewithadot.net/post/https://infosec.exchange/users/h2onolan/statuses/116493985415989455Thu, 30 Apr 2026 13:52:30 GMT<![CDATA[Reply to The CopyFail announcement and handling is one of the least defender-supporting I think I've ever seen. on Thu, 30 Apr 2026 13:48:39 GMT]]>@tychotithonus If a random shitposter dropped this then I would understand not having the resources to research and follow up on it. But a startup trying to make a name for itself? It comes across as they got lucky, spent all their time and LLM tokens on hype, and then accidentally proved they don't actually know what they're doing.

I'm all for the disclosure of it, but the theatrics are more of the same overpromise / underdeliver that we've grown so tired of in this field.

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/cR0w/statuses/116493970260630600https://board.circlewithadot.net/post/https://infosec.exchange/users/cR0w/statuses/116493970260630600Thu, 30 Apr 2026 13:48:39 GMT