This is not magic, I am not a layman, and your beliefs about computer security are wildly misinformed. Putting trojans on large fractions of the computers on the internet is currently within the reach of, and is actually done by, petty criminals acting alone. While this does involve a fair amount of thinking time, all of this thinking goes into advance preparation, which could be done while still in an AI-box or in advance of an order.
This is not magic, I am not a layman, and your beliefs about computer security are wildly misinformed. Putting trojans on large fractions of the computers on the internet is currently within the reach of, and is actually done by, petty criminals acting alone.
Within moments? I don’t take your word for this, sorry. The only possibility that comes to my mind is by somehow hacking the Windows update servers and then somehow forcefully install new “updates” without user permission.
While this does involve a fair amount of thinking time, all of this thinking goes into advance preparation, which could be done while still in an AI-box or in advance of an order.
So if I uploaded you onto some alien computer, and you had a billion years of subjective time to think about it, then within moments after you got an “Internet” connection you could put a trojan on most computers of that alien society? How would you e.g. figure out zero day exploits of software that you don’t even know exists?
Well, what’s going to slow it down? If you have a backdoor or an exploit, to take over a computer requires a few milliseconds for communications latency and a few milliseconds to run the code to execute the takeover. At this point the new zombie becomes a vector for further infection, you have exponential growth and BOOM!
The only possibility that comes to my mind is by somehow hacking the Windows update servers and then somehow forcefully install new “updates” without user permission.
Wouldn’t have to be Windows; any popular software package with live updates would do, like Acrobat or Java or any major antivirus package. Or you could find a vulnerability that allows arbitrary code execution in any popular push notification service; find one in Apache or a comparably popular Web service, then corrupt all the servers you can find; exploit one in a popular browser, if you can suborn something like Google or Amazon’s front page… there’s lots of stuff you could do. If you have hours instead of moments, phishing attacks and the like become practical, and things get even more fun.
How would you e.g. figure out zero day exploits of software that you don’t even know exists?
Well, presumably you’re running in an environment that has some nontrivial fraction of that software floating around, or at least has access to repos with it. And there’s always fuzzing.
This is not magic, I am not a layman, and your beliefs about computer security are wildly misinformed. Putting trojans on large fractions of the computers on the internet is currently within the reach of, and is actually done by, petty criminals acting alone. While this does involve a fair amount of thinking time, all of this thinking goes into advance preparation, which could be done while still in an AI-box or in advance of an order.
Within moments? I don’t take your word for this, sorry. The only possibility that comes to my mind is by somehow hacking the Windows update servers and then somehow forcefully install new “updates” without user permission.
So if I uploaded you onto some alien computer, and you had a billion years of subjective time to think about it, then within moments after you got an “Internet” connection you could put a trojan on most computers of that alien society? How would you e.g. figure out zero day exploits of software that you don’t even know exists?
Well, what’s going to slow it down? If you have a backdoor or an exploit, to take over a computer requires a few milliseconds for communications latency and a few milliseconds to run the code to execute the takeover. At this point the new zombie becomes a vector for further infection, you have exponential growth and BOOM!
Wouldn’t have to be Windows; any popular software package with live updates would do, like Acrobat or Java or any major antivirus package. Or you could find a vulnerability that allows arbitrary code execution in any popular push notification service; find one in Apache or a comparably popular Web service, then corrupt all the servers you can find; exploit one in a popular browser, if you can suborn something like Google or Amazon’s front page… there’s lots of stuff you could do. If you have hours instead of moments, phishing attacks and the like become practical, and things get even more fun.
Well, presumably you’re running in an environment that has some nontrivial fraction of that software floating around, or at least has access to repos with it. And there’s always fuzzing.
Also, nowadays if you can suborn the cell towers taking over all the smartphones becomes fast and easy.
When you are a layman talking to experts, you should actually listen. Don’t make us feel like we’re wasting our time.
Care to address his valid response point in the 2nd paragraph?
Nornagest already answered it; the sets of software in and outside the box aren’t disjoint.