Unlikely. At sea level you'd have to go 8km/s to orbit the planet (which is kinda hard to pull off with air resistance and all that, hence we usually go up a few kilometers first). Still, even up there in LEO you still need about 7.5km/s to stay up there.
That's about 17,000 mph for you imperials out there.
But I have a financial interest in him! He's going to kill himself and I want to cash in on that, if that isn't a financial interest in someone, then what is?
Then why differentiate? Just watch and enjoy the fallout. Either from a troll making someone blow a gasket or from an idiot blowing himself up, it's all good.
What "stopped" VC is simply that there is nothing worthwhile left to invest in.
You see, investors want to see a ROI. That can only happen, of course, if the business you invest in can actually, well, do business. And for this you need customers. And customers are rare, considering that all the money is neatly tucked away on the supply side. There is simply no demand, at least by no means enough to warrant VCing in some new businesses.
So those VCs and their load of surplus money were looking for something to pump that money into. Something where a sensible ROI is still to be had.
Now ponder for a moment what this could possibly be.
It's not that they can't code. It's more that malware is a business. You get paid to crank out code, so you crank out code. And the great thing is that you don't need to service it past 2-3 days because nobody gives a shit about it any later.
It compiles. Ship it. Work on the next incarnation. Working a week longer means that the antivirus software can't detect your malware for 36 hours instead of 18. But in that week you could also crank out 5 more variants that can't be detected for 18 hours each.
Nobody outside some TLAs gives half a fuck whether the malware is from Russia, Zimbabwe or Generistan. What we care about is that it doesn't affect us.
Back 10 years ago when I was last analyzing malware for a living, we already had this phenomenon where you would find certain "tricks" in various bits of malware. Aside of packers and other attempts to keep you from spotting the malware, there have always been (commercial and free) code snippets that were widely used.
Especially today when malware is no longer an "artform" where some self appointed genius feels that urge to show the world just how clever he is, writing the n-th polymorphing worm but rather commercial software not unlike any other, the makers of said software simply don't have the luxury anymore to puzzle and tinker with it for months to get the "perfect" malware done that will thwart all your attempts to detect it for all eternity because (insert random reason here).
You have to understand how the malware business works (something our politicians fail routinely whenever they dream up some "state controlled trojan"). Unless you're spearfishing, malware business does not target anything. It's not a sniper gun. It's more a cluster bomb. Not caring what it hits. So it goes for the soft targets, the users without a clue and without sensible antivirus protection. And for them you don't need a highly sophisticated, well crafted trojan making use of multiple 0days you got from your buddy at some TLA. What you need for them is any old trick. Yes, a current AV would detect it and a well patched system wouldn't be susceptible, and 9999 of 10000 systems are not vulnerable.
But since you're targeting 100 million machines...
Probably all you need is slap a RasPi into the whole deal somehow.
I somehow question Apple's ability to make sensible hardware anymore. They forgot everything else that made them stand out and be the pinnacle of user friendliness, why should they still be good at this?
Given how well their more recent developments worked out, you'll probably have to hack, tinker, toy, update, upgrade and send in for repairs a lot anyway, so why not go all the way and just do it yourself from scratch?
One should think so, but in the end it makes little if any difference.
Using an even moderately sized RSA key (IIRC 512bit) for encryption means that you'd have to try about 1.8*10^302 combinations of primes. You think that multiplying that with 65535 ports makes any measurable difference?
There are other attacks that are possible, and yes, some of them rely on weak or faulty implementation of the underlying algorithm. And yes, knowing that you use a weak implementation is useful. But not that you use a certain algorithm. If knowing the algorithm itself is already a weakness, replace the algorithm.
Before I understood that you threatening me to kick me hard enough to send me to the moon was not meant literally, I would probably have questioned your ability to kick hard enough for me to reach escape velocity, since our bodies would both rather disintegrate from the required force, and even if we ignored that you would have to absorb the energy required to send me on an escape trajectory due to the third Newtonian law, atmospheric friction alone would ensure that I would not even leave the atmosphere and burn up before reaching even the stratosphere.
"Security by obscurity", in its utmost extent, means that you must not know how the lock works because if you knew the lock would be worthless. In IT security it means that knowing the algorithm used to encrypt already weakens or even eliminates the security. A good example thereof is pretty much all Pre-WW2 encryption, e.g. the good old Caesar cipher. Knowing that a text is encrypted with the Caesar already tells you enough that 26 attempts at breaking later you have the clear text.
I think it is easy to see that a cipher that is not weakened even if the adversary knows not only the cipher used but even potentially the actual implementation (as is the case with PGP) is superior.
His world being the world of the Linux Kernel. When you use this context then of course any security breach is due to a bug, simply because, well, what else should it be?
Unlikely. At sea level you'd have to go 8km/s to orbit the planet (which is kinda hard to pull off with air resistance and all that, hence we usually go up a few kilometers first). Still, even up there in LEO you still need about 7.5km/s to stay up there.
That's about 17,000 mph for you imperials out there.
No. Not even remotely close enough.
Excuse me, but what is the punishment for suicide? The death penalty?
I fail to see the threat, ya know...
But I have a financial interest in him! He's going to kill himself and I want to cash in on that, if that isn't a financial interest in someone, then what is?
Agent budgenator, please report to your superior, you are not supposed to impart this knowledge to outsiders.
Well, it looks like he's going to do it in a deserted area. It's gonna be fine, don't worry.
Then why differentiate? Just watch and enjoy the fallout. Either from a troll making someone blow a gasket or from an idiot blowing himself up, it's all good.
Why exactly?
Sorry, I'm done with trying to make the world a better place. All I want to do now is watch it fall apart on YouTube.
is there any way to root it and use it ourselves?
Yes.
Why do you think a patch is necessary?
The kind where the user can take control of his machine against the wishes of its maker? Yeah, that's a nasty one, fix that immediately!
There were as much investors as kickstarter backers are VCs.
But people like being called something that's associated with being rich and knowing how to invest, so...
But this isn't a pyramid scheme. It's more a trapezoid.
What "stopped" VC is simply that there is nothing worthwhile left to invest in.
You see, investors want to see a ROI. That can only happen, of course, if the business you invest in can actually, well, do business. And for this you need customers. And customers are rare, considering that all the money is neatly tucked away on the supply side. There is simply no demand, at least by no means enough to warrant VCing in some new businesses.
So those VCs and their load of surplus money were looking for something to pump that money into. Something where a sensible ROI is still to be had.
Now ponder for a moment what this could possibly be.
Tonight I'm gonna party like it's 1929...
Mmmm.... I don't think so.
It's not that they can't code. It's more that malware is a business. You get paid to crank out code, so you crank out code. And the great thing is that you don't need to service it past 2-3 days because nobody gives a shit about it any later.
It compiles. Ship it. Work on the next incarnation. Working a week longer means that the antivirus software can't detect your malware for 36 hours instead of 18. But in that week you could also crank out 5 more variants that can't be detected for 18 hours each.
Nobody outside some TLAs gives half a fuck whether the malware is from Russia, Zimbabwe or Generistan. What we care about is that it doesn't affect us.
Back 10 years ago when I was last analyzing malware for a living, we already had this phenomenon where you would find certain "tricks" in various bits of malware. Aside of packers and other attempts to keep you from spotting the malware, there have always been (commercial and free) code snippets that were widely used.
Especially today when malware is no longer an "artform" where some self appointed genius feels that urge to show the world just how clever he is, writing the n-th polymorphing worm but rather commercial software not unlike any other, the makers of said software simply don't have the luxury anymore to puzzle and tinker with it for months to get the "perfect" malware done that will thwart all your attempts to detect it for all eternity because (insert random reason here).
You have to understand how the malware business works (something our politicians fail routinely whenever they dream up some "state controlled trojan"). Unless you're spearfishing, malware business does not target anything. It's not a sniper gun. It's more a cluster bomb. Not caring what it hits. So it goes for the soft targets, the users without a clue and without sensible antivirus protection. And for them you don't need a highly sophisticated, well crafted trojan making use of multiple 0days you got from your buddy at some TLA. What you need for them is any old trick. Yes, a current AV would detect it and a well patched system wouldn't be susceptible, and 9999 of 10000 systems are not vulnerable.
But since you're targeting 100 million machines...
Probably all you need is slap a RasPi into the whole deal somehow.
I somehow question Apple's ability to make sensible hardware anymore. They forgot everything else that made them stand out and be the pinnacle of user friendliness, why should they still be good at this?
Given how well their more recent developments worked out, you'll probably have to hack, tinker, toy, update, upgrade and send in for repairs a lot anyway, so why not go all the way and just do it yourself from scratch?
One should think so, but in the end it makes little if any difference.
Using an even moderately sized RSA key (IIRC 512bit) for encryption means that you'd have to try about 1.8*10^302 combinations of primes. You think that multiplying that with 65535 ports makes any measurable difference?
There are other attacks that are possible, and yes, some of them rely on weak or faulty implementation of the underlying algorithm. And yes, knowing that you use a weak implementation is useful. But not that you use a certain algorithm. If knowing the algorithm itself is already a weakness, replace the algorithm.
Yes, long time value retention is among the things people care about when buying a cellphone.
Umm... not really.
Before I understood that you threatening me to kick me hard enough to send me to the moon was not meant literally, I would probably have questioned your ability to kick hard enough for me to reach escape velocity, since our bodies would both rather disintegrate from the required force, and even if we ignored that you would have to absorb the energy required to send me on an escape trajectory due to the third Newtonian law, atmospheric friction alone would ensure that I would not even leave the atmosphere and burn up before reaching even the stratosphere.
Usually I didn't get that far, though...
"Security by obscurity", in its utmost extent, means that you must not know how the lock works because if you knew the lock would be worthless. In IT security it means that knowing the algorithm used to encrypt already weakens or even eliminates the security. A good example thereof is pretty much all Pre-WW2 encryption, e.g. the good old Caesar cipher. Knowing that a text is encrypted with the Caesar already tells you enough that 26 attempts at breaking later you have the clear text.
I think it is easy to see that a cipher that is not weakened even if the adversary knows not only the cipher used but even potentially the actual implementation (as is the case with PGP) is superior.
How would this have sold more iPhone Xs?
Intel is not stupid. They certainly don't want to lose the server market, and this is basically what would happen.
His world being the world of the Linux Kernel. When you use this context then of course any security breach is due to a bug, simply because, well, what else should it be?
Outside of that context... no.