←back to thread

Investigating an "evil" RJ45 dongle

(lcamtuf.substack.com)
289 points zdw | 5 comments | 17 Jan 25 20:41 UTC | HN request time: 0s | source
Show context
klik99 ◴[17 Jan 25 21:24 UTC] No.42743428[source]
"If you want to try it, be aware that it requires Intel Pentium 166MHz or above."

Made me laugh. Fun article, also really love the genre of "bored smart person goes too deep on something that the end result is obvious by common sense but proving it requires surprising amount of ingenuity and scrappiness"

replies(3): >>42743506 #>>42743514 #>>42743529 #
1. fishstock25 ◴[17 Jan 25 21:33 UTC] No.42743514[source]
Totally agree.

And a great example that truth is complicated, expensive and uncomfortable. It's much easier to postulate an evil nation-state entity with a bad plan (without evidence) than to dig through the thicket of this article. It's much cheaper as well, certainly in terms of time and knowhow. And it's also much more comfortable to claim you're the victim and have uncovered a conspiracy, rather than realize this was just the result of the patchwork typical of engineering.

Kudos to the author.

replies(2): >>42743569 #>>42743630 #
2. klik99 ◴[17 Jan 25 21:42 UTC] No.42743569[source]
Yeah, the insane takes spread faster but it takes more time and resources to look into it than just come to conclusions early.

The worst thing is this creates an environment where most people are either completely credulous and buy into everything or completely incredulous and think everything is unfounded. It's just exhausting to have a healthy level of skepticism these days, and maybe 1 out of 1000 times (number source: from thin air) something that sounds insane actually has some truth to it.

replies(1): >>42743711 #
3. DSMan195276 ◴[17 Jan 25 21:50 UTC] No.42743630[source]
I would also add, it's not _unreasonable_ to be wary of something when a tool like a virus scan pops up a warning. The jargon used to explain what the executable is doing is gibberish to any 'normal' user, there's no way for them to know it's listing stuff you'd more or less expect it to be doing.

Of course, there's a bit of a jump from that to making bold claims about what it's doing, but the initial concern was understandable.

4. fishstock25 ◴[17 Jan 25 21:58 UTC] No.42743711[source]
Yeah, for a substantial fraction of people, this case will stick to their minds as "oh the chinese .. again" It's both sad and scary. It was even submitted to HN. Flagged by now, but still. Many people won't have read this follow-up, especially since it doesn't come as a 1-sentence TL;DR..
replies(1): >>42744497 #
5. dgfitz ◴[17 Jan 25 23:54 UTC] No.42744497{3}[source]
Hmm, why is it sad and scary?