I feel like this is kind of the amateur-hour stuff. It’s certainly dangerous, but in comparison to a lot of state-actor activities (or even committed-amateur activities), this kind of supply-chain attack is pretty blatant and easy to spot. Which doesn’t mean it’s easy to spot
The real worrisome stuff comes from state actors who know what they’re doing and have captured the entire ecosystem to prevent it from being discovered until it doesn’t matter any more, e.g. Stuxnet, PRISM, etc.
Yeah, exactly. If you read the Snowden leaks to learn the details of what some of their actual capabilities are (smuggling flawed keys into the DH exchange for most major web browsers for example), it makes this stuff look like kids in their basements fucking around.
I can’t read them, they frighten me. lol
How about these words: “Reflections on Trusting Trust”.