[Melio]

That's just a very very weird though. Sry but no one just hacks into Nvidias driver dev department and injects complex code to cripple ml training.

It's just nothing someone can just do. And there is also nothing which will prevent Nvidia to debug the ml issue and revert the change.

[pjerem]

AI aside, hacking into the driver’s build process to inject hidden backdoors into the drivers could be a realist attack.

[Melio]

Is it realistic though?

Hacking into Nvidias corp network, infiltrating their git server, disabling security scans and then injecting a backdoor undetected in complex code?

In a process which is highly controlled due to it being a very central peace of software.

Very unrealistic.

It's easier to find or buy zero days in the wild for the same goal

[nimrody]

Well.. that's exactly what happened to Solarwinds last year, didn't it?

Actually smarter than that - they got into the build system and added the malicious code in the build process so you couldn't see it in the repository.

Do you think it's that difficult for a state sponsored body to infiltrate into a commercial company?

[Melio]

The effort my big software company does on regards of requirements of releasing software, I would say yes.

Big companies like Nvidia have background checks, independent security teams etc.

Impossible? No. But easier and cheaper is still other means.

[prettyStandard]

Didn't a bunch of Linux distro s get infected with a "Ken Thompson Hack" a while back?

https://softwareengineering.stackexchange.com/questions/1848...

[prettyStandard]

Ok I think it was Delphi now, but my brain remembered debian. lol.

There is a double cross compilation method to detect if you are infected.

https://wiki.c2.com/?TheKenThompsonHack