I understand the scenario you are describing to me, and that it’s perfectly plausible. (I do see a potential weakness or two which I’d love to discuss separately). Let me try to clear up the confusion in the current discussion thread. What you are describing is somebody running their own software service. This is possible, I’m not arguing that. My original assertion, is that if you allow somebody else to run the SOFTWARE service for you, you are inherently at their mercy. Based on what you’ve just described, I’m absolutely certain you agree with that assertion. This is also the only reasonable way most of the world would have access to most online services. The idea of everybody hosting their own software stack for every service they would like to use is laughably impractical and implausible.
I think what you are trying to say is that if they have shell access it is insecure and yes I agree with that
But even if they have shell access, as long as I can be assured no one else is logged in, I can make any linux box just as secure in about twelve minutes using the above scenario.
Yes in what I described there are weaknesses such as L1 cache doping to vastly reduce uncertainty making identification of prime stripes in packets trivial, but to practically pull that off you need an electron microscope installed above a naked operating processor meaning the entire room has to be sub zero and sealed from contaminants and prepared days beforehand
Which means that any joe schmo spinning up a digitalocean droplet isn’t going to be hosted on a machine with NSA grade top level memory and CPU observation installed
I was more thinking that, in theory, anything you install and run could be compromised from the get go. With enough prep, any distro could be replaced with a compromised version on the fly and you would have no way to tell. Any tools you use could similarly be compromised to give you untrustworthy output. It would require a heck of a lot of investment, but not beyond the scale of nation states, and would be pretty scalable.
How are they ‘changing on the fly’ the distro I downloaded the week before and ran a CRC check on?
Well, you’re uploading it remotely at some point. Essentially it’s a supply chain attack, where during the process of upload it’s compromised by the remote server. The logic would be - they can fingerprint any reasonable distro you might use, and replace it with a pre-prepared compromised version. Any tools you might use to check its veracity could potentially be poisoned the same way, no? As I said, remote possibility and high cost, but not implausible.
Serious question, do you have any background in IT security?
and as for ‘tools I might use to check’, literally anyone can code their own CRC checker in python with no python experience in like 20 mins using widely attested public algorithms
Then you understand how statistically impossible it is to craft a modified distro that passes a CRC check?
And by statistically impossible, I mean this in a thermodynamic sense, as in that it is much more likely that you are a brain floating in a void that cohered completely from nothingness due to vacuum energy than it is that any given iteration of a modified file of considerable length will match the same CRC as an established, published, vetted copy.
It is about 100 times easier to randomly guess the private key of a bitcoin wallet than it is to iterate arbitrary changes to match CRC results.
There is a reason it is still the gold standard of file authenticity despite it being literally based on a largely unchanged 50 year old technology.
If you are running an ‘illegal’ service, why not host it on a virally distributed botnet and embrace the chaos and mistrust in your host systems? Might be the best way to detach from anyhing physical with a fixed location that causes traceable bills.
I understand the scenario you are describing to me, and that it’s perfectly plausible. (I do see a potential weakness or two which I’d love to discuss separately). Let me try to clear up the confusion in the current discussion thread. What you are describing is somebody running their own software service. This is possible, I’m not arguing that. My original assertion, is that if you allow somebody else to run the SOFTWARE service for you, you are inherently at their mercy. Based on what you’ve just described, I’m absolutely certain you agree with that assertion. This is also the only reasonable way most of the world would have access to most online services. The idea of everybody hosting their own software stack for every service they would like to use is laughably impractical and implausible.
I think what you are trying to say is that if they have shell access it is insecure and yes I agree with that
But even if they have shell access, as long as I can be assured no one else is logged in, I can make any linux box just as secure in about twelve minutes using the above scenario.
Yes in what I described there are weaknesses such as L1 cache doping to vastly reduce uncertainty making identification of prime stripes in packets trivial, but to practically pull that off you need an electron microscope installed above a naked operating processor meaning the entire room has to be sub zero and sealed from contaminants and prepared days beforehand
Which means that any joe schmo spinning up a digitalocean droplet isn’t going to be hosted on a machine with NSA grade top level memory and CPU observation installed
I was more thinking that, in theory, anything you install and run could be compromised from the get go. With enough prep, any distro could be replaced with a compromised version on the fly and you would have no way to tell. Any tools you use could similarly be compromised to give you untrustworthy output. It would require a heck of a lot of investment, but not beyond the scale of nation states, and would be pretty scalable.
How are they ‘changing on the fly’ the distro I downloaded the week before and ran a CRC check on?
Serious question, do you have any background in IT security?
I ask that because to cover this properly will take effort, and I’m not prepared to waste that on someone who won’t understand what I’m writing.
Well, you’re uploading it remotely at some point. Essentially it’s a supply chain attack, where during the process of upload it’s compromised by the remote server. The logic would be - they can fingerprint any reasonable distro you might use, and replace it with a pre-prepared compromised version. Any tools you might use to check its veracity could potentially be poisoned the same way, no? As I said, remote possibility and high cost, but not implausible.
A little. I’m in IT, and know the basics.
and as for ‘tools I might use to check’, literally anyone can code their own CRC checker in python with no python experience in like 20 mins using widely attested public algorithms
Then you understand how statistically impossible it is to craft a modified distro that passes a CRC check?
And by statistically impossible, I mean this in a thermodynamic sense, as in that it is much more likely that you are a brain floating in a void that cohered completely from nothingness due to vacuum energy than it is that any given iteration of a modified file of considerable length will match the same CRC as an established, published, vetted copy.
It is about 100 times easier to randomly guess the private key of a bitcoin wallet than it is to iterate arbitrary changes to match CRC results.
There is a reason it is still the gold standard of file authenticity despite it being literally based on a largely unchanged 50 year old technology.
If you are running an ‘illegal’ service, why not host it on a virally distributed botnet and embrace the chaos and mistrust in your host systems? Might be the best way to detach from anyhing physical with a fixed location that causes traceable bills.