←back to thread

FBI cyber cop: Salt Typhoon pwned 'nearly every American'

(www.theregister.com)
287 points Bender | 9 comments | 30 Aug 25 12:43 UTC | HN request time: 1.517s | source | bottom
Show context
nekitamo ◴[30 Aug 25 15:11 UTC] No.45075341[source]
This is what we get for installing mandatory government backdoors all over our communications infrastructure. Unbelievable that such a critical piece of infrastructure wasn't secured properly. But after the OPM hack and the bungled implementation of CIA "drop sites" online, nothing about our government's cyber incompetence surprises me anymore.
replies(3): >>45075621 #>>45075962 #>>45076589 #
mensetmanusman ◴[30 Aug 25 17:47 UTC] No.45076589[source]
Computers can never be 100% secure. It’s just a matter of how many zeros one is willing to spend, especially when physical access to the hardware is so easy (for nation states).
replies(4): >>45076710 #>>45076713 #>>45077022 #>>45078898 #
beeflet ◴[30 Aug 25 18:46 UTC] No.45077022[source]
>Computers can never be 100% secure.

This is ridiculous defeatism. You are going to need more 0's than exist in the global economy to crack many cryptosystems.

replies(1): >>45077075 #
1. bongodongobob ◴[30 Aug 25 18:53 UTC] No.45077075[source]
I don't need to crack crypto, I just need to find an admin that can be blackmailed.
replies(1): >>45077121 #
2. beeflet ◴[30 Aug 25 18:59 UTC] No.45077121[source]
Then design the system so that there is not a single source of administrative failure.
replies(2): >>45077350 #>>45080205 #
3. breppp ◴[30 Aug 25 19:33 UTC] No.45077350[source]
and also make sure to design a system without any bugs
replies(1): >>45078805 #
4. beeflet ◴[30 Aug 25 23:08 UTC] No.45078805{3}[source]
You should look into cryptography. It actually is possible to design open systems provably without bugs or single sources of failure. It's possible to build mechanisms of plausible deniability that are largely immune to rubber-hose attacks.

It's also possible to design systems with an intermediate level of security. With your attitude, you might as well leave your house unlocked because any competent locksmith could break in.

replies(1): >>45080595 #
5. bongodongobob ◴[31 Aug 25 03:46 UTC] No.45080205[source]
Lol, ok hotshot.
6. breppp ◴[31 Aug 25 05:28 UTC] No.45080595{4}[source]
I am aware of cryptography, but how does strong cryptography prevents these?

https://www.heartbleed.com

https://www.blackduck.com/blog/understanding-apple-goto-fail...

replies(1): >>45086081 #
7. beeflet ◴[31 Aug 25 19:10 UTC] No.45086081{5}[source]
Side channels are prevented through security audits. There is not an infinite well of bugs in any codebase that will always be exploitable.

Once you patch the bugs, they are patched. You eventually reach a state where there is no more surface area for bugs.

replies(2): >>45086619 #>>45087693 #
8. bongodongobob ◴[31 Aug 25 20:09 UTC] No.45086619{6}[source]
I feel like you've never worked at a company that has decades of tech debt and has more than just a handful of devs.
9. breppp ◴[31 Aug 25 22:32 UTC] No.45087693{6}[source]
I'm sorry, that's not aligned with reality. Possible states in a system grow exponentially with lines of codes added and no one can expect or prevent all the failure states leading to security issues