Conversation

Notices

1. Embed this notice
   Wolf480pl (wolf480pl@mstdn.io)'s status on Monday, 01-Apr-2024 08:35:33 JST Wolf480pl

   in reply to

   • Piggo :verified_horse:
   • ɗ𐐩ʃƕρʋ

   @deshipu @piggo
   Also, if people now go looking for those backdoors and find a bunch, that's gonna make some fun 38c3 talks which I can't wait to watch.

   • Haelwenn /элвэн/ :triskell: likes this.
   • Embed this notice
     Wolf480pl (wolf480pl@mstdn.io)'s status on Monday, 01-Apr-2024 08:35:34 JST Wolf480pl

     in reply to

     • Piggo :verified_horse:
     • ɗ𐐩ʃƕρʋ

     @deshipu @piggo
     I disagree.

     You can't defend from the govt of the country you live in when it targets you specifically.

     If it's a govt of a country you don't live in, the $5 wrench starts to require months of preparation and risking burning an agent which is way more than $5.

     And if they don't target you specifically, then you just need to be slightly harder to attack than most other people.

   • Embed this notice
     Wolf480pl (wolf480pl@mstdn.io)'s status on Monday, 01-Apr-2024 08:35:34 JST Wolf480pl

     in reply to

     • Piggo :verified_horse:
     • ɗ𐐩ʃƕρʋ

     @deshipu @piggo

     Also, if they're trying to do mass exploitation, we can try to deny them the scaling advantage.

     After you spent 2 years of preparation and everyone has a backdoored sshd, and you've attacked N targets using it, the marginal cost of attacking N+1th target is way less than $5 for a wrench.

     But if we can prevent these backdoors, it's no longer worth to spend 2 years on a backdoor that won't work, and instead they'll have to attack each target individually.

   • Embed this notice
     ɗ𐐩ʃƕρʋ (deshipu@fosstodon.org)'s status on Monday, 01-Apr-2024 08:35:35 JST ɗ𐐩ʃƕρʋ

     in reply to

     • Piggo :verified_horse:

     @piggo It's really not, just the channel is different. Let's be honest, no script kiddie is going to hatch a plot that takes two years to capitalize on. This person (or more likely a whole team) is doing this professionally. And there are pretty much two kinds of organizations that need such employees: governments and companies that sell to governments. And there is really nothing you can do to defend yourself from those. They just used gloves this time.

   • Embed this notice
     ɗ𐐩ʃƕρʋ (deshipu@fosstodon.org)'s status on Monday, 01-Apr-2024 08:35:36 JST ɗ𐐩ʃƕρʋ

     in reply to

     • Piggo :verified_horse:

     @piggo Does it matter? Realistically, you can't defend against an attacker that has those resources. They can just bash down your doors at 4am, smash half your possessions, confiscate the rest, and put you in jail or worse at any moment they choose, with pretty much no consequences to themselves.

     https://xkcd.com/538/

   • Embed this notice
     Piggo :verified_horse: (piggo@piggo.space)'s status on Monday, 01-Apr-2024 08:35:36 JST Piggo :verified_horse:

     in reply to

     • ɗ𐐩ʃƕρʋ
     @deshipu that's a very different kind of threat we're talking of here
   • Embed this notice
     Piggo :verified_horse: (piggo@piggo.space)'s status on Monday, 01-Apr-2024 08:35:37 JST Piggo :verified_horse:
     makes u wonder how many more poisoned supply chain backdoors there are we did not notice because the bad actor wasn't as sloppy as this one