Hacker News new | past | comments | ask | show | jobs | submit login

Which is prescient... this is a tool by the NSA after all. I would be disappointed if it wasn't back-doored... Anybody working on a feature-parity FOSS alternative from scratch?



Releasing backdoored software to people who are experts in finding software backdoors would definitely be a strategy


One of the strategies of all time


What would a back door look like in a tool like this? Silently returning incorrect results for certain binaries?

Perhaps I lack imagination but I’m having trouble picturing what that could be good for or how it could even be hidden. This isn’t like a crypto constant that you can pretend is random but secretly has known factors.


Like, come on. How it's can be back-doored if it can work just fine in offline VM?

Also there are only small percent of specialists who even know this tool exist let alone have know-how to use it. And since it heavily used for mailware reverse engineering it's gonna be laughtable to put any "secret backdoors and exploits" in it.

Might be worth it as hacker contest for finding good hiring candidates, but certainly not at spying attempt. No sane person who able to use this software gonna run it on PC containing some important secrets.


The source is freely available on Github. Show us where the backdoor is.


FWIW, an RCE was found in it. It was fixed.

Either way, you probably don't want to do binary analysis on a networked computer.


To what end? The risk of it being discovered is high and would only cause scandal.




Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: