To kick-start the discussion, let's first review some of the recent attacks. In the node-ipc case1 a developer pushed an update that deliberately but stealthily included code that sabotaged the computer of the users who installed the updated component. Such an attack was selective: a DarkSide in reverse. If the computer Internet Protocol (IP) was geolocated in Russia, the attack would be launched. Several days and a few million downloads later, the spurious code was actually noticed and investigated. Linus's law on the many eyes eventually made the bug shallow,2 and the developer pulled back the changes.
'Free' as in Freedom to Protest? / Massacci, F.; Sabetta, A.; Mirkovic, J.; Murray, T.; Okhravi, H.; Mannan, M.; Rocha, A.; Bodden, E.; Geer, D. E.. - In: IEEE SECURITY & PRIVACY. - ISSN 1540-7993. - 20:5(2022), pp. 16-21. [10.1109/MSEC.2022.3185845]
'Free' as in Freedom to Protest?
Massacci F.
Primo
;
2022-01-01
Abstract
To kick-start the discussion, let's first review some of the recent attacks. In the node-ipc case1 a developer pushed an update that deliberately but stealthily included code that sabotaged the computer of the users who installed the updated component. Such an attack was selective: a DarkSide in reverse. If the computer Internet Protocol (IP) was geolocated in Russia, the attack would be launched. Several days and a few million downloads later, the spurious code was actually noticed and investigated. Linus's law on the many eyes eventually made the bug shallow,2 and the developer pulled back the changes.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione
