| ▲ | chadd 4 hours ago | |
re: binary attestation: "Whether the server rejects that outright or just logs it is an open question" ...what we did at Snap was just wait for 8-24 hours before acting on a signal, so as not to provide an oracle to attackers. Much harder to figure out what you did that caused the system to eventually block your account if it doesn't happen in real-time. (Snap's binary attestation is at least a decade ahead of this, fwiw) | ||
| ▲ | 15155 4 hours ago | parent [-] | |
LLMs and radare2 absolutely breeze through undoing binary protection and virtualization, tracing execution flow, etc. Sans the ability to JIT, I don't see non-hardware-assisted binary attestation for Snap and others lasting very long in a post-LLM world. | ||