Wonder how much corrupt executable code would make it onto machines and actually get run...
-
-
-
@RichFelker You're now in the "people who try to punish end users en masse until get their way" bucket along with stallman. -
@landley It's more of a thought experiment, not something I'm implementing or doing. I don't run APs. -
@landley The realization that this can (and might) happen should be a wake-up call, though. Somebody might decide to implement it. -
@RichFelker Wow, if you think that's even in the top ten of nasty things APs already do, you are way out of touch. -
@landley Maybe so. Just a random thought that got a lot more publicity that it probably deserved. -
@landley But I do think the lack of casual detectability or explicit "useful" malice makes it different from existing attacks.
End of conversation
New conversation -
-
-
@SwiftOnSecurity "But won't that corrupt...?" Isn't that what every ad-injecting AP/ISP is already doing?Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Implementation is simple: using an entropy metric, if (entropy<thres && rand()%100==0) packet[rand()%size]^=1<<rand()%8;
-
@RichFelker "I was trying to look at http://youtorn.com , honest!"
End of conversation
New conversation -
-
-
@RichFelker Isn't this basically just http://www.ex-parrot.com/pete/upside-down-ternet.html … -
@stuartpb Not really. That's more immediately noticed and much heavier to implement.
End of conversation
New conversation -
-
-
@RichFelker@SwiftOnSecurity don't TCP messages get hashed? So wouldn't the manipulated message get re-sent? -
@raptortech97
@RichFelker@SwiftOnSecurity You can modify crc32 on-the-flow, which is not possible with crypto signatures. -
@eloydegen ah, right. -
@eloydegen I still don't see how emulating malicious actors is a good idea -
@raptortech97
@eloydegen Not sure it is. That's why it's an "idea". Point is to get people used to "http is unusable for data you care abt".
End of conversation
New conversation -
-
-
@RichFelker Progressively increase level of bits flipped until by 2025 it's impossible to transmit without encryption.Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.