Hmm... but aren't you assuming you can only use an exploit once? If I want to buy an exploit and use it 100x as often, sure its useful life will be shorter but it's clearly not going to cost me 100x more? How do you get to that number?
i'm not really assuming that. i'm just saying that costs become non-linear once you scale things up and want to be able to keep doing what you're doing over time rather than just briefly. a "big brother" scenario seems a lot more likely to come from key escrow than 0day.
Replying to @qwertyoruiopz @rmhrisk and
Dunno, you could just use a 0day once to compromise the build server... that scales really well, and has really happened
Replying to @taviso @qwertyoruiopz and
That presumes the code signing system is online and automated; bad design x2.
Most code signing system compromises have been due to online keys. That’s why sensitive keys are kept offline.
>sensitive keys kept in HSM >code signing HSM connected to internet
Replying to @saleemrash1d @taviso and
I’ve worked on several such systems for large companies; properly designed ones are either offline (manual) or at a minimum air-gapped; in all cases quorum of physical employees. Not online like Let’s Encrypt.
Replying to @rmhrisk @saleemrash1d and
Ah-ha, I think you're saying you believe you can build a secure HSM infrastructure, but the necessities of a lawful access system (e.g. speed and scale of LE access requirements) would require you to make design compromises?
The government requires speed? Since when?
Replying to @carrickdb @taviso and
200 sovereign nations, 10s of thousands of agencies each, many departments, many employees. Then in the hearings they talk of timelines in hours and days.
I don't see that it follows that all nations will be automatically granted access, but the other part of the argument is convincing to me.
Replying to @taviso @carrickdb and
It doesn’t require all nations to want equal treatment (though it’s unrealistic to believe they won’t) the volume from the USG alone would necessitate the system being online, take the top 10, it's a ridiculous volume.
In the hearing NY DA said they get over half of the phones today but it doesn’t happen fast enough (suggesting hours and days are necessary) and that the other police departments just can’t do what they can. (e.g. they want to make this ability more readily available)