
Regardless of the motivation, cause, or mechanism of #2, #3 is not the appropriate way to handle the problem. An attack is indistinguishable from unintentional corruption, and #3 trains customers to do the wrong thing when they encounter an attack.


The malicious file was signed with the right certificate. So yeah, you should ideally be more careful with checksums, but there already was a much more robust and secure authentication mechanism, and it was defeated.


Yes, these are two orthogonal egregious security problems.
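The two comments above say that a published checksum and a signature are orthogonal controls: the checksum catches corruption (or a swapped file, if the checksum was pinned from somewhere the attacker does not control), while the signature ties the file to the publisher's key, and a compromised key defeats it. The script below is an added example written for this thread, not code from any commenter or from the vendor under discussion. It uses HMAC-SHA256 as a stand-in for a certificate-based signature (an assumption, since the standard library has no asymmetric signatures) and constructed sample data and keys, and walks through four cases: a clean download, a corrupted one, a file swapped along with its on-page checksum by an attacker without the key, and the thread's case where the attacker holds the signing key.

```python
import hashlib
import hmac

# Constructed sample release and a constructed "publisher key" (both hypothetical).
RELEASE = b"installer-v1.0 payload (constructed sample)"
PUBLISHER_KEY = b"constructed-publisher-signing-key"


def checksum(data: bytes) -> str:
    """Integrity check only: anyone can recompute this for any file."""
    return hashlib.sha256(data).hexdigest()


def sign(data: bytes, key: bytes) -> str:
    """Stand-in for a code signature (assumption: HMAC instead of a real cert)."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_release(data: bytes, pinned_sha256: str, signature: str, trusted_key: bytes) -> dict:
    """Enforce both controls; either failure is a hard reject, never 'retry'."""
    checksum_ok = hmac.compare_digest(checksum(data), pinned_sha256)
    signature_ok = hmac.compare_digest(sign(data, trusted_key), signature)
    return {
        "checksum_ok": checksum_ok,
        "signature_ok": signature_ok,
        "accept": checksum_ok and signature_ok,
    }


def scenarios() -> dict:
    # The operator pins the checksum out-of-band (e.g. from a prior trusted copy),
    # so an attacker who controls the download page cannot rewrite it.
    pinned = checksum(RELEASE)
    good_sig = sign(RELEASE, PUBLISHER_KEY)

    # 1. Clean download: both checks pass.
    clean = verify_release(RELEASE, pinned, good_sig, PUBLISHER_KEY)

    # 2. Unintentional corruption (single bit flip): both checks fail.
    corrupt = bytearray(RELEASE)
    corrupt[0] ^= 0x01
    corrupted = verify_release(bytes(corrupt), pinned, good_sig, PUBLISHER_KEY)

    # 3. Attacker without the key replaces the file AND the checksum shown on the
    #    download page. A checksum taken from that page passes; the signature fails.
    evil = b"installer-v1.0 payload with backdoor (constructed sample)"
    swapped = verify_release(evil, checksum(evil), good_sig, PUBLISHER_KEY)

    # 4. The thread's case: the attacker holds the signing key. The signature
    #    passes; only the independently pinned checksum still catches the swap.
    key_compromised = verify_release(evil, pinned, sign(evil, PUBLISHER_KEY), PUBLISHER_KEY)

    return {
        "clean": clean,
        "corrupted": corrupted,
        "swapped_no_key": swapped,
        "key_compromised": key_compromised,
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:16s} {result}")
```

Case 2 is why a mismatch must never be treated as "probably a bad download, try again": from the verifier's side it looks identical to case 4. Cases 3 and 4 show the orthogonality the last comment refers to, since each control catches a failure the other misses.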



