tank on Nostr: The main issue I see is the low cost of the attack vs the reward, especially for ...
The main issue I see is the low cost of the attack vs the reward, especially for wallets. It‘s basically impossible to detect an attack deployed via web server. E.g. a server could target specific IP addresses. In contrast it‘s easy to detect a malicious app update as it would have to be pushed to all client devices. A state level actor compromising devices is quite expensive to do at scale.
Published at
2023-06-25 15:58:06Event JSON
{
"id": "824f77a4378462a9202541a55a8e1f1ebdf8c2d58b4ded04eb78e81be175b77f",
"pubkey": "311b497635856767ff5c1cefa2b8c5c875ce184ae4876da9279e829ba01dd129",
"created_at": 1687701486,
"kind": 1,
"tags": [
[
"e",
"7eb23eff8884a0addc6bea113746a82f61f7ac3338b056dd6a57ad1509fed273",
""
],
[
"e",
"7a62233b00f88dd2850dde1f5c8c5fc1be9886f1bd6bf7c080edbb2ed8624667"
],
[
"p",
"c6f7077f1699d50cf92a9652bfebffac05fc6842b9ee391089d959b8ad5d48fd"
],
[
"p",
"fa984bd7dbb282f07e16e7ae87b26a2a7b9b90b7246a44771f0cf5ae58018f52"
],
[
"p",
"c6f7077f1699d50cf92a9652bfebffac05fc6842b9ee391089d959b8ad5d48fd"
]
],
"content": "The main issue I see is the low cost of the attack vs the reward, especially for wallets. It‘s basically impossible to detect an attack deployed via web server. E.g. a server could target specific IP addresses. In contrast it‘s easy to detect a malicious app update as it would have to be pushed to all client devices. A state level actor compromising devices is quite expensive to do at scale.",
"sig": "93a7b54a1fa5322395c67ccb53f68f8a7d202738a827c6349d7103948bbe16df5c2df2067abf19bc39aea44c0fa72ee4db0c3f0db890972175c83bce0c15479c"
}