Hacker News new | past | comments | ask | show | jobs | submit login

> We don’t have any such measures at all for the digital “evidence.”

This is false. The chain of custody and integrity of digital evidence is pretty much a solved problem. Digital forensics is a fairly mature field.

This is not to say there aren't issues with some of the tools, such as Cellebrite's clown show.




Your two paragraphs are contradicting each other.

The mere possibility that a "clown show" of that magnitude can exist is evidence for the lack of a solution to the problem of digital forensics.


This clown fiesta on Cellebrite's side is an example of the issues of trusting a compiler that Ken Thompson pointed out all those years ago[1].

Trust and Computers don't go hand in hand [2].

[1] https://softwareengineering.stackexchange.com/questions/1947...

[2] https://pluralistic.net/2020/12/05/trusting-trust/#thompsons...


This actually happened with someone way back when: https://www.quora.com/What-is-a-coders-worst-nightmare/answe...


Pretty sure we had to do the "trusting trust" patch set as a homework assignment during my CS undergrad. It's not actually super complicated. Backdoor login.c when you see it, and backdoor GCC when you see it.

Sounds like someone took code from their homework assignment and added a few fun extra credit features to screw with their psychology professor.

I can imagine how it would be pretty confusing to stumble across if you hadn't read the paper though :-)




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: