The majority of security issues occur at the integration of two or more systems. Challenges like this, where a single use case is tested in false isolation, prove nothing about the security of a system. Telegram pulled a similar, also ridiculously useless, stunt. https://twitter.com/officialmcafee/status/1021805449681817600 …
The thing is, it's really sad. I'd be willing to believe a claim like "if the device is seized or stolen, there is no practical way to recover the private key on the device" - that's a solid claim - but it's a far cry from "unhackable"
"unhackable" just means at some point your security team stopped, that there are definitely security issues in your system, and that when they are eventually discovered you have every incentive to scapegoat, bluff and/or rationalize the failings - and not actually fix them.
Claiming something as "unhackable" makes your system de-facto insecure.
The only system you should ever trust is one where the code and schematics are open and inspectable, and where the security engineers hand you a list of known security issues and corresponding estimates on how much it would cost an attacker to exploit them.
ffs this is a hardware device too...even if the schematics and code were open AND formally proven secure (which itself would be very expensive to do), you still have a bunch of attack vectors targeting the manufacturing, shipping and updating of the device.
Seriously we should start listing security claims with monetary values attached. "If you choose a strong password and your adversary has less than $1000 you are probably fine"
Finally, I just want to point out that the fucking front page of that fucking website is over fucking plain HTTP and that tells me everything I need to know about the security claims that company makes.
Dinner, 7pm, this Friday???

I sell security tools. Love the thread!!
yup, but that's even summed up in like every book about security I've seen. still not common knowledge - maybe it should be :)