• xmunk@sh.itjust.works
    link
    fedilink
    arrow-up
    8
    ·
    5 months ago

    Everyone knows that if a member of the PRC’s secret police took a plane to LAX they’d be physically unable to write malware or backdoors. America has a circle of protection cast over it that prevents malicious actors.

    Obviously, yea, we should empower an agency to check all software for backdoors… and, ideally, they should be checking for shit from the NSA too.

    • Software is easy. It’s the hardware backdoors that are hard to find, and those have been being built for at least a decade. They were pretty simple to start; I can’t imagine what they’re capable of hiding in 5nm process chips.

      • xmunk@sh.itjust.works
        link
        fedilink
        arrow-up
        6
        ·
        5 months ago

        The hardware backdoors are pretty difficult to find… but I object to your statement that software is easy. The obfuscated C contest is a wonderful demonstration.

        • You know the best way to analyze a submission to the OCCC? Compile it, then run the result through a disassembler. You get back far more readable code than the source.

          But you’re right; reading code isn’t easy; I meant relatively. If you have government-level resources and can hire a bunch of experienced software developers to review source code, armed with a bunch if static analysis tools (<cough>NSA), you have a decent chance of finding malicious code in software. I know of no similar tools (and the automated software analysis tools are the important factor) for finding backdoors in hardware.