Hey! I’m one of the authors of this blog post. We (the GitHub Security Lab) developed an open-source AI-framework that supports security researchers in discovering vulnerabilities. In this blog post we show how it works and talk about the vulnerabilities we were able to find using it (including viewing PII of other users in online shops and logging into a popular chat application service using ANY password)
The relevant part being: "But it has become so dire that large industrial companies are buying washing machines in order to rip out the chips and repurpose them, according to ASML CEO Peter Wennink."
Well, Microsoft often uses suspicious looking URLs for their services.
E.g. Office/OneDrive connects to hosts like "oneclient.sfx.ms" and "auth.gfx.ms".
So as a user you have to trust these domains and you also have to trust the domain management of the island of Montserrat.
>Signed HTTP Exchanges (or SXG) enables loading Web contents signed by the content publishers from anywhere, e.g. from a fast server, as if they came from the original publishers.
Correct me if I'm wrong, but this seems to be part of a greater vision (as heard before). Not only is the transported content protected by TLS, the content is also signed by the publisher and can be loaded from other servers. E.g. makes sense in an AMP context. (As you still know that the content was produced by your newspaper)
I don't like this comparison of death toll numbers.
At the same time I think the death toll of 9/11 is unfortunately much higher as an alarmingly big number of first responders were diagnosed with cancer and many of them died already.
I think the project is really needed, but I'm not sure it's quite ready yet. The OpenJDK 10 build shows 25 November 2017 as it's build date and is Linux and macOS only.