Details dropped earlier today about a computer vulnerability that seriously threatens aspects of data center security. Dubbed “venom” by researchers who discovered it, the flaw lets an attacker burst out of a key piece of cloud infrastructure—virtual machines, which are basically instances of computers programmed onto other physical computers—and to, well, poison neighboring virtual machines.
The cyber security firm CrowdStrike that discovered Venom rolled out a sinister logo and slick website on Wednesday morning, helping to create buzz around the announcement. The move follows in the same vein as other high profile computer bug disclosures, like last year’s “heartbleed” vulnerability (which, by the way, 3-out-of-4 big companies still have not fully remediated).
With that branding behind it, the big bad bug has been catching attention online. The Twittersphere has been alight with commentary. See: “#VENOM.”
The chatter began yesterday with subtle remark posted by Dan Kaminsky, co-founder of the security firm White Ops and one of the researchers who worked with CrowdStrike to alert cloud companies about the bug. Those “in the know” may have recognized his hint of what was to come. As he tells Fortune: “My role in all this—it’s not my bug. CrowdStrike found this thing. Sometimes bugs find me and I go ahead and make sure information about them gets through. I played that role with this bug to make sure the right people knew about it—those being general-to-major cloud providers.”
After the news broke, the majority of tweets about Venom fell into two categories: news updates, or comical jabs at the vulnerability’s marketing campaign. Nowadays, it seems, when discovered by the right folks, computer bugs can get the celebrity treatment. (See: the Venom site.)
Anyway, if you’re interested in the state of patches, go read my colleague Barb Darrow’s recap. If, on the other hand, you’re interested in the best wisecracks, please read on:
(Yes, Fortune intentionally used a non-venomous snake as this post’s photo. Haha!)
Some took jabs at media coverage:
Including a gripe about Fortune‘s headline (hey!):
And others joked about the part of the virtual machine monitor’s code that was found vulnerable: its floppy disk emulator. “Who thinks to look at the floppy disk controller in QEMU?” Kaminsky asked when he spoke with Fortune. “But you’ve got to go find this stuff out!”
Jokes aside, at least one person waxed philosophical about why computer bug disclosure sites never seem to secure their traffic with encryption.
Please let the irony of http://heartbleed.com/ sink in.
Good? Okay. If you have more suggestions, feel free send them to the author on Twitter (@rhhackett) or post links below, and Fortune will consider including them here.
In the meantime, go patch your systems.