[Cryptography] Updates on Durov charges in France
Phillip Hallam-Baker
phill at hallambaker.com
Mon Sep 2 18:53:14 EDT 2024
On Mon, Sep 2, 2024 at 3:55 PM efc--- via cryptography <
cryptography at metzdowd.com> wrote:
>
>
> On Mon, 2 Sep 2024, Peter Gutmann wrote:
>
> > efc--- via cryptography <cryptography at metzdowd.com> writes:
> >
> >> This is a weakness that I think is underaprpeciated. I mean the fact
> that
> >> many projects have a small core of programmers, who are know. In order
> to "
> >> break" the system, you can approach and kidnap members of the family of
> the
> >> programmers, or one programmer, and have him add bugs to the project.
> >
> > That's an incredibly high-profile, visible attack, and kidnapping as a
> crime
> > is about... many orders of magnitude more pursuable and punishable by law
> > enforcement than changing a line or two of code in someone's project.
> >
> > I would put this one in the movie-plot-attack category.
> >
> > Peter.
>
>
> https://www.businessinsider.com/crypto-nft-owners-targeted-kidnaps-home-invasions-robberies-2022-2?op=1
>
> When the return on investment is high, high-profile attacks are not
> unheard of.
>
> Also, infiltrating open source projects for years, is not high-profile.
>
The tell that an attack has a nation state behind it is often a comically
long kill chain.
OK to get our backdoor into SSH we are going to compromise this compression
algorithm project and futz with the test libraries...
OK, we will buy this Swiss cryptographic equipment maker and ship product
for decades...
Cases of death caused by autoerotic asphyxiation are vanishingly rare
except amongst the enemies of Vladimir Putin which accounted for 75% of the
known cases until the coincidence was pointed out.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20240902/d83bd865/attachment.htm>
More information about the cryptography
mailing list