by thebruce87m
636 days ago
Usual exploits = using the normal tools to look for buffer overflows and such by attacking the running system and compiled binaries.
Keys to the castle = the ability to also look in the source code for vulnerabilities, run static analysis, fuzzing but also architectural flaws. Basically use extra methods that you can’t do on the running system or binaries. You would expect some tools to be run already by the authors but some tools will find things that others don’t.
Bad actors have an incentive to audit the code (find vulnerabilities) since they were in the process of attacking the system anyway, so why not look at the source? You also have state level attackers who are getting paid to find these sorts of things, and others looking to sell 0-days.
Who are good actors? Who is willing to spend their time finding and fixing bugs? There are definitely people doing it out of the kindness of their heart, and others might be researchers and so on, maybe some companies that use the software - but you are relying on these outnumbering the bad actors.
I think there will always be bad actors, and assuming that there is an army of good actors watching your back might not always be correct. But happy to hear other angles, which is why I opened (and accidentally closed) the conversation.
Isn't it a good thing that anyone can effectively use tools to check for potential vulnerabilities?
This is just speculation, but I think open source projects may mature faster in terms of security because the low-hanging fruit is maybe found faster than in closed source projects?
Another interesting case I think about a lot is the classic AOSP vs. iOS. Apple tried to sue Corellium for making it easier to research iOS. Then Apple started the Apple Security Research Device program to make it easier for researchers to do iOS research. These two things seem to me to be a kind of involuntary open-sourcing of iOS. Why did Apple see Corellium as a threat and why did they provide researchers with these special devices?