Post
Topic
Board Development & Technical Discussion
Re: Worst case scenario
by
gmaxwell
on 10/10/2013, 16:32:22 UTC
- An attacker could break directly into the source control where the source code is stored and unnoticed injects his code which is then automatically include in the next version.
  But since bitcoin is open source, the attacker should hide its code in a file where people rarely look into or file which at first glance does not look important but are indeed source files

This won't work. Everyone looks at diffs. Making the change in something that changes all the time would be a better strategy. In GIT it is not possible to make invisible changes either, and rewriting the history will make all git clients refuse to pull until forced.

Quote
- An attacker could hack a computer of one of the bitcoin client developers (Either through direct physical access or through some trojan)
- The attacker could threaten one of the bitcoin developers and such force his to do what he wants
If the system is vulnerable to this, then you can remove the third party "attacker" from the equation: One of the developers could just do this if it were possible.  Hopefully, enough people are auditing all changes that this wouldn't be possible.

Quote
- An attacker could break into the website bitcoin.org and place his malicious client for download, or redirect bitcoin.org via some dns attack to his own (same looking) website
  With this attack, the checksum of the client won't be ok but how many users will (or even know how to) check that?

About 1% check. But users update very slowly and we intentionally do not have a forced auto-update. And there are people running automated signature tests who would quickly notice a problem.

Quote
This are my greatest fears. Please tell me that these scenarios are almost impossible to happen. So the question is, could this be possible?

Certainly it would be possible, few things are not possible.  It's less clear that there would be a large amount of funds taken this way...