| |
| ▲ | tptacek 2 days ago | parent [-] | | That was a Juniper supply-chain backdoor, not a compromise of the Dual EC keys. | | |
| ▲ | AnthonyMouse 2 days ago | parent | next [-] | | Exactly. They built a backdoor that "only they" could get into and then somebody else slipped into it anyway. The backdoor is a vulnerability even if you don't have the keys because it requires the trappings of third party access. If you try to get something in the shape of a backdoor through code review, you should get knocked back. But if something in the shape of a backdoor is required then a change in who has the keys to the lock is much smaller, more subtle and easier to sneak in. | | |
| ▲ | tptacek 2 days ago | parent [-] | | No, that's exactly what didn't happen here. The attackers in this case got and maintained for years the ability to slip code into Juniper/Netscreen releases. That the backdoor they chose happened to replace NSA's NOBUS backdoor is just a funny detail. | | |
| ▲ | AnthonyMouse a day ago | parent [-] | | I don't think it's actually irrelevant; there's a reason they did it that way. Getting commit access and being the only one who can even read the code are two very different things. Even if you can modify the code, the less obvious it is that the change is adding a backdoor the less likely someone else is to catch you. | | |
| ▲ | tptacek a day ago | parent [-] | | I think it would be so difficult to convince me that a state-level adversary who has obtained persistent access to Netscreen's builds can't hide arbitrary backdoors that it isn't really worth hashing this out. I'm just going to point out again that the Netscreen attack didn't break the "NOBUS" property of Dual EC --- so far as we know, the Dual EC private keys have never leaked. | | |
| ▲ | AnthonyMouse a day ago | parent [-] | | It seems like you're implying they'd be too good to ever get caught, but... they got caught. The trouble is, making a backdoor less obvious makes it more likely that if they try it 10 times they don't get caught all 10 times, more likely it gets into production before they get caught, more likely that it stays in production for a year instead of a month, etc. | | |
| ▲ | tptacek 17 hours ago | parent [-] | | Who got caught? The Juniper hackers? Obviously yes. They're not NSA. Also, "never getting caught" isn't what NOBUS means. | | |
| ▲ | AnthonyMouse 15 hours ago | parent [-] | | I mean, didn't the NSA also get caught by Snowden? They intended it to be a secret. But the Juniper hackers are the NOBUS failure because changing the locks on a backdoor that somebody else had installed is easier than getting one installed yourself. | | |
| ▲ | tptacek 13 hours ago | parent [-] | | I don't think you're following. "NOBUS" doesn't mean "nobody but us can ever find out about the backdoor"; it means "nobody but us can actually use the backdoor". Ironically, the Juniper PKRNG backdoor --- I assume it was Chinese --- is also a NOBUS backdoor! | | |
| ▲ | AnthonyMouse 10 hours ago | parent [-] | | > it means "nobody but us can actually use the backdoor". Ironically, the Juniper PKRNG backdoor --- I assume it was Chinese --- is also a NOBUS backdoor! Except that it was intended to be "nobody but the us (i.e. the NSA)" and now you've got China using it. | | |
| ▲ | tptacek 9 hours ago | parent [-] | | No, we don't. Respectfully, I don't think you're working from an accurate notion of what "NOBUS" means, and I don't think you have your head fully around the Juniper hack. The Juniper hack replaced the existing backdoor; it didn't break it. NOBUS or not, if your adversary controls your source tree, you're boned. Here, the adversary replaced "our" NOBUS backdoor with theirs. Two different backdoors, different keys, same structure. |
|
|
|
|
|
|
|
|
| |
| ▲ | immibis 2 days ago | parent | prev [-] | | Why are all of your comments consistently just nonconstructively calling other people wrong? |
|
|
