undefined | Better HN

0 pointsAnthonyMouse8mo ago0 comments

It seems like you're implying they'd be too good to ever get caught, but... they got caught. The trouble is, making a backdoor less obvious makes it more likely that if they try it 10 times they don't get caught all 10 times, more likely it gets into production before they get caught, more likely that it stays in production for a year instead of a month, etc.

0 comments

tptacek8mo ago

Who got caught? The Juniper hackers? Obviously yes. They're not NSA.

Also, "never getting caught" isn't what NOBUS means.

AnthonyMouseOP8mo ago

I mean, didn't the NSA also get caught by Snowden? They intended it to be a secret.

But the Juniper hackers are the NOBUS failure because changing the locks on a backdoor that somebody else had installed is easier than getting one installed yourself.

tptacek8mo ago

I don't think you're following. "NOBUS" doesn't mean "nobody but us can ever find out about the backdoor"; it means "nobody but us can actually use the backdoor". Ironically, the Juniper PKRNG backdoor --- I assume it was Chinese --- is also a NOBUS backdoor!

1 more reply

j / k navigate · click thread line to collapse

0 comments

tptacek8mo ago

Who got caught? The Juniper hackers? Obviously yes. They're not NSA.

Also, "never getting caught" isn't what NOBUS means.

AnthonyMouseOP8mo ago

I mean, didn't the NSA also get caught by Snowden? They intended it to be a secret.

But the Juniper hackers are the NOBUS failure because changing the locks on a backdoor that somebody else had installed is easier than getting one installed yourself.

tptacek8mo ago

1 more reply

j / k navigate · click thread line to collapse