The CopyFail announcement and handling is one of the least defender-supporting I think I've ever seen.
-
The CopyFail announcement and handling is one of the least defender-supporting I think I've ever seen.
Mitigations were extremely thin at launch, and haven't improved much, and are even brittle and misleading:
https://infosec.exchange/@tychotithonus/116490466168316767
They've also largely neglected most of the value of the feedback they're getting from defenders clamoring for useful intel. The GitHub repo is full of feedback about which distros are affected or unaffected ... and a day later, none of it has been used to update the list of affected versions in the main README (except for the RHEL made-up version fix)
And this exchange is painful:
https://github.com/theori-io/copy-fail-CVE-2026-31431/issues/12
"None of us are RH people so it wasn't caught"
You had weeks do basic vetting, or find someone who would help you.Theori seems to have to have intended this to be a showcase for their product. Instead, it has convinced me that I will never buy anything from them.
Edit: Will Dorman goes into more detail here, 100% agreed:
https://infosec.exchange/@wdormann/116493725294723695 -
The CopyFail announcement and handling is one of the least defender-supporting I think I've ever seen.
Mitigations were extremely thin at launch, and haven't improved much, and are even brittle and misleading:
https://infosec.exchange/@tychotithonus/116490466168316767
They've also largely neglected most of the value of the feedback they're getting from defenders clamoring for useful intel. The GitHub repo is full of feedback about which distros are affected or unaffected ... and a day later, none of it has been used to update the list of affected versions in the main README (except for the RHEL made-up version fix)
And this exchange is painful:
https://github.com/theori-io/copy-fail-CVE-2026-31431/issues/12
"None of us are RH people so it wasn't caught"
You had weeks do basic vetting, or find someone who would help you.Theori seems to have to have intended this to be a showcase for their product. Instead, it has convinced me that I will never buy anything from them.
Edit: Will Dorman goes into more detail here, 100% agreed:
https://infosec.exchange/@wdormann/116493725294723695@tychotithonus If a random shitposter dropped this then I would understand not having the resources to research and follow up on it. But a startup trying to make a name for itself? It comes across as they got lucky, spent all their time and LLM tokens on hype, and then accidentally proved they don't actually know what they're doing.
I'm all for the disclosure of it, but the theatrics are more of the same overpromise / underdeliver that we've grown so tired of in this field.
-
The CopyFail announcement and handling is one of the least defender-supporting I think I've ever seen.
Mitigations were extremely thin at launch, and haven't improved much, and are even brittle and misleading:
https://infosec.exchange/@tychotithonus/116490466168316767
They've also largely neglected most of the value of the feedback they're getting from defenders clamoring for useful intel. The GitHub repo is full of feedback about which distros are affected or unaffected ... and a day later, none of it has been used to update the list of affected versions in the main README (except for the RHEL made-up version fix)
And this exchange is painful:
https://github.com/theori-io/copy-fail-CVE-2026-31431/issues/12
"None of us are RH people so it wasn't caught"
You had weeks do basic vetting, or find someone who would help you.Theori seems to have to have intended this to be a showcase for their product. Instead, it has convinced me that I will never buy anything from them.
Edit: Will Dorman goes into more detail here, 100% agreed:
https://infosec.exchange/@wdormann/116493725294723695@tychotithonus there should be a playbook in the IR plan for βwe found an exciting bug, now what?β
-
The CopyFail announcement and handling is one of the least defender-supporting I think I've ever seen.
Mitigations were extremely thin at launch, and haven't improved much, and are even brittle and misleading:
https://infosec.exchange/@tychotithonus/116490466168316767
They've also largely neglected most of the value of the feedback they're getting from defenders clamoring for useful intel. The GitHub repo is full of feedback about which distros are affected or unaffected ... and a day later, none of it has been used to update the list of affected versions in the main README (except for the RHEL made-up version fix)
And this exchange is painful:
https://github.com/theori-io/copy-fail-CVE-2026-31431/issues/12
"None of us are RH people so it wasn't caught"
You had weeks do basic vetting, or find someone who would help you.Theori seems to have to have intended this to be a showcase for their product. Instead, it has convinced me that I will never buy anything from them.
Edit: Will Dorman goes into more detail here, 100% agreed:
https://infosec.exchange/@wdormann/116493725294723695@tychotithonus Well said, all around. It seems like a loosey-goosey disclosure, with the highest emphasis on branding and generating hype.
-
The CopyFail announcement and handling is one of the least defender-supporting I think I've ever seen.
Mitigations were extremely thin at launch, and haven't improved much, and are even brittle and misleading:
https://infosec.exchange/@tychotithonus/116490466168316767
They've also largely neglected most of the value of the feedback they're getting from defenders clamoring for useful intel. The GitHub repo is full of feedback about which distros are affected or unaffected ... and a day later, none of it has been used to update the list of affected versions in the main README (except for the RHEL made-up version fix)
And this exchange is painful:
https://github.com/theori-io/copy-fail-CVE-2026-31431/issues/12
"None of us are RH people so it wasn't caught"
You had weeks do basic vetting, or find someone who would help you.Theori seems to have to have intended this to be a showcase for their product. Instead, it has convinced me that I will never buy anything from them.
Edit: Will Dorman goes into more detail here, 100% agreed:
https://infosec.exchange/@wdormann/116493725294723695@tychotithonus agree, I mean this thing is everywhere. For example i think checkpoint firewalls are even RHELβ¦
Alot of scenarios of exploatation is unlikely but I think we will see attack chains coming weeks where this plays a crucial role in successful compromise.
-
@tychotithonus there should be a playbook in the IR plan for βwe found an exciting bug, now what?β
- Find vuln
- Buy .fail domain
- Bask in admiration and VC $
Theori you need to figure out if youβre selling skateboards or doing real infosec.
-
- Find vuln
- Buy .fail domain
- Bask in admiration and VC $
Theori you need to figure out if youβre selling skateboards or doing real infosec.
@badsamurai @h2onolan @tychotithonus he may have brought drone doctrine to infosec but can he repeat to make it a pseudo biz model #rev3 #.fail #greg #italy #one trick pony
-
R relay@relay.infosec.exchange shared this topic
