Saagar Jha

(replying to Saagar Jha)
So like, statistically, it might be that making a backdoor that is actually undetectable for a while is really difficult. “Many eyes make all bugs shallow” and whatnot, except in a kind of different Bayesian version that nobody really likes but is a little reassuring

i.grok

(replying to Saagar Jha)

@saagar I think there's some evidence for that, given the various commits to disable various checkers that were exposing that something hinky was going on in order to cover it up

The only reason this didn't get more attention is that our tools are too often noisy with false alarms

To me, that's an indication that making the attacks harder isn't a waste of time—and some of those tools didn't even exist a few decades ago, so we're making it better

Saagar Jha

(replying to i.grok)
@igrok I feel like these tools make it harder to make a backdoor but I was surprised that the attacker didn’t just change their backdoor to operate cleanly in those environments. Maybe they just thought this was easier

i.grok

(replying to Saagar Jha)

@saagar they were definitely rushing

Likely because systemd was about to disable their backdoor wrt sshd

But the tools definitely increased the profile and thus the risk. Not enough, but it complicated their lives enough to slow them down

Which is something we can be happy about

Saagar Jha

(replying to Saagar Jha)
An extreme case of Hyrum’s Law I guess, where people will accidentally and unknowingly become dependent on their code not being backdoored