What benefit does it offer? There's no penalty for making a bugdoor, so if you catch the vendor's bugdoor, they have to make a new one?
Not really, you already mentioned Dual-EC. As I understand it, they argue they generated them randomly and it was a genuine spec-bug. You argue it was a bugdoor, but it can only be exploited in one direction, right? The same is true for other bug classes.
-
Like what? I’m curious what kinds of non-cryptographic bugs are NOBUS like Dual EC.
-
Umm, stack buffer overflow parsing https://vendor/latestversion.txt? Nobody else can exploit that, right?
