Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

It's part of the NSA's recruiting push. "If you are interested in projects like this ... consider applying" is even mentioned in the README.

There's zero chance there's some secret trojan, because the people who are interested in this type of software are the exact people who would be able to find it.



Well... I suppose you could argue that it would make sense for them to add a secret trojan, encrypted alongside a message along the lines of "we'd like to talk to you about an interesting employment offer, give us a call on 00000" ;)


>"If you are interested in projects like this ... consider applying" is even mentioned in the README.

* As long as you have citizenship... which is the minority.


An RCE vulnerability has already been found.


Despite what @HackerFantastic is going on about, sloppy remote debugging capabilities enabled with a debug flag isn't an RCE.


It enables remote code execution, that's what RCE stands for.


The issue is with "vulnerability". By that loose definition, every modern IDE has an RCE "vulnerability".


It's a compile flag, it is not enabled by default.


If you specifically start GHIDRA in a debug mode, then yes there is a backdoor, but you asked for that.


Calling it a rce vuln is a bit of an exaggeration surely.


Also know as debug mode.


It doesn't have to be a secret trojan. Just a trojan is good enough.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: