Article <v8onc2$6o40$2@dont-email.me>

Deutsch English Français Italiano
<v8onc2$6o40$2@dont-email.me>

View for Bookmarking (what is this?)
Look up another Usenet article
Path: ...!news.mixmin.net!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: Don Y <blockedofcourse@foo.invalid>
Newsgroups: sci.electronics.design
Subject: Re: Hackers hope to democratize laser-based processor hacking for
 $500
Date: Sun, 4 Aug 2024 13:12:49 -0700
Organization: A noiseless patient Spider
Lines: 26
Message-ID: <v8onc2$6o40$2@dont-email.me>
References: <v8nub2$p2vp$1@solani.org> <v8odgv$5eme$1@dont-email.me>
 <v8ogv8$2435$1@nnrp.usenet.blueworldhosting.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Sun, 04 Aug 2024 22:12:50 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="568bca9e299cae539fb168ca390b4582";
	logging-data="221312"; mail-complaints-to="abuse@eternal-september.org";	posting-account="U2FsdGVkX192d9sWuK9sR2rSq/kMH+PW"
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:102.0) Gecko/20100101
 Thunderbird/102.2.2
Cancel-Lock: sha1:AbaPwK40at3a1R0rqv0ffmEf3EE=
In-Reply-To: <v8ogv8$2435$1@nnrp.usenet.blueworldhosting.com>
Content-Language: en-US
Bytes: 2333

On 8/4/2024 11:23 AM, Edward Rawde wrote:
> In this context, making the world a better place requires demonstating to
> hardware/software vendors that they can't just cobble something together and
> hope it's secure.

I suspect very few people have ever played RED/BLUE games in their careers
(or in academia).

You actually need to be *tasked* with "breaking something" in order to
see all of its warts.

Developers always make assumptions about how their products will be used
and the sorts of "misuse" they THINK they need to guard against.  But,
users (and ABusers) aren't bound by those delusions.  So, when a
product encounters something out-of-the-ordinary, it often shits the
bed.  If you can convince it to shit the bed in a manner that can be
exploited...  <grin>

Remember, YOU likely have addition limits imposed on what YOU would
subject YOUR device to; there is nothing that forces someone else to
similarly restrain themselves!

So, you have to EXPLICITLY enforce any limitations in your hardware/software
if you want to be SURE they won't be subverted (by an adversary or a sloppy
developer!)