Replying to Avatar nout

The one topic that has been heavily discussed above was CSAM - there it's about laws.

About malware - continuous or not doesn't really have effect here, right? The way how malware is detected is via detecting fingerprints (short byte sequences) that are common to the malware or via heuristic analysis, or via some other tricks (like running the code in sandbox). So if there is malware stored in inscriptions or in op_returns would be detected the same way with probably the same results. But taking a step back - this isn't even a real concern, since node-to-node packets are now encrypted, right? (since BIP 324 is enabled by default in Core)

So what is exactly the argument about malware in this case?
Avatar
JackTheMimic 3mo ago

The argument is validation. When validating those bytes are processed in the clear decrypted. (XOR doesn't change this) also, the finger prints for malware detection are more like heuristics. Does this have 1 fingerprint? Yes, check for 2. And so on. (This is obviosly so the antivirus ALSO isn't running those same contiguous bytes through its processor).

As far as CSAM goes I am fairly certain (though I don't dare try it) that if you run those bytes through something as basic as VLC you will get an image. No additional encoding necessary. Meaning you are storimg a raw data file of terrible shit in ram that you could conceivably render with simple image software NOT some inscription decoding taproot wizard shit.

The malware is an attack vector, the CSAM is more or less gross despicable shit. All enabled by 100kb OP_RETURNS easily propagated through the gossip network.

Reply to this note

Please Login to reply.

Discussion

No replies yet.