by Melio 1571 days ago
Is it realistic though?

Hacking into Nvidia's corp network, infiltrating their git server, disabling security scans and then injecting a backdoor undetected in complex code?

In a process which is highly controlled due to it being a very central piece of software.

Very unrealistic.

It's easier to find or buy zero days in the wild for the same goal.

1 comments

Well... that's exactly what happened to SolarWinds last year, didn't it?

Actually smarter than that - they got into the build system and added the malicious code in the build process so you couldn't see it in the repository.

Do you think it's that difficult for a state-sponsored body to infiltrate a commercial company?

Given the effort my big software company puts into the requirements for releasing software, I would say yes.

Big companies like Nvidia have background checks, independent security teams etc.

Impossible? No. But other means are still easier and cheaper.