Hacker News new | past | comments | ask | show | jobs | submit login

My narrative has in fact nothing whatsoever to do with the FSB. That's why I said "whatever entity".



"your evil backdoor only impacts machines running your software already. " seems to assume that "whatever entity" can freely put in whatever code they want.

I agree that cert collisions is a strange way to backdoor, but to dismiss any questions as to possible malice as "conspiracy theories" seems to ignore many recent events (such as Juniper Networks)


Once again, you're responding to an argument I did not make. I'm not saying this bug doesn't make sense because nobody would want to backdoor Kaspersky AV. Clearly they would. I'm saying it doesn't make sense because it doesn't make sense as a backdoor. It provides the attacker with far less access than they already have, and does so in a way that leaves tracks all over the Internet even when the "backdoor" isn't "in use".


Know what else you said doesn't make sense as a backdoor, times a million?

And this makes way more sense than that one did. Not that I'm convinced that it is one. But if it is, it's a pretty good one IMO.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: