Saagar Jha (@saagar@saagarjha.com)

Saagar Jha

03/31/2024 (replying to Saagar Jha)

But, perhaps, there is solace in the fact that this is basically all of computer security. We just shift around the calculus of which things are profitable to do as we steadily raise the bar everywhere. We can’t stop everything, but maybe it’s for the best that was a backdoor…

Saagar Jha

03/31/2024 (replying to Saagar Jha)

…because, I mean, the thing we usually see is people getting hacked because their code is just broken, not backdoored. So maybe we’ve finally reached the point where the code was just functional enough to make trying this attractive. One can hope, at least

Saagar Jha

03/31/2024 (replying to Saagar Jha)

*Or maybe not, which is the other thing I am a little hopeful about. The steps needed to find this were quite impressive but absent of any other information about backdoors, in particular the ones that actually stay hidden, this got discovered pretty quickly relatively speaking

Saagar Jha

03/31/2024 (replying to Saagar Jha)

So like, statistically, it might be that making a backdoor that is actually undetectable for a while is really difficult. “Many eyes make all bugs shallow” and whatnot, except in a kind of different Bayesian version that nobody really likes but is a little reassuring

1 replies →

1 replies

i.grok

04/02/2024 (replying to Saagar Jha)

@saagar I think there's some evidence for that, given the various commits to disable various checkers that were exposing that something hinky was going on in order to cover it up

The only reason this didn't get more attention is that our tools are too often noisy with false alarms

To me, that's an indication that making the attacks harder isn't a waste of time—and some of those tools didn't even exist a few decades ago, so we're making it better

Saagar Jha

04/03/2024 (replying to i.grok)

@igrok I feel like these tools make it harder to make a backdoor but I was surprised that the attacker didn’t just change their backdoor to operate cleanly in those environments. Maybe they just thought this was easier

i.grok

04/03/2024 (replying to Saagar Jha)

@saagar they were definitely rushing

Likely because systemd was about to disable their backdoor wrt sshd

But the tools definitely increased the profile and thus the risk. Not enough, but it complicated their lives enough to slow them down

Which is something we can be happy about

Saagar Jha

03/31/2024 (replying to Saagar Jha)

An extreme case of Hyrum’s Law I guess, where people will accidentally and unknowingly become dependent on their code not being backdoored