From 9b41b648355c50c60bb27b7f20bbd0d4ff1cc4a8 Mon Sep 17 00:00:00 2001 From: Simon Gibbs Date: Fri, 1 Sep 2023 07:59:10 +0100 Subject: [PATCH] Swap T2 and T3 based on feedback --- cards.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cards.yaml b/cards.yaml index c5ae475..ea18059 100644 --- a/cards.yaml +++ b/cards.yaml @@ -39,8 +39,8 @@ suits: A: You've invented a new Spoofing attack Tampering: - 2: An attacker can modify your build system and produce signed builds of your software - 3: An attacker can take advantage of your custom key exchange or integrity control which you built instead of using standard crypto + 2: An attacker can take advantage of your custom key exchange or integrity control which you built instead of using standard crypto + 3: An attacker can modify your build system and produce signed builds of your software 4: Your code makes access control decisions all over the place, rather than with a security kernel 5: An attacker can replay data without detection because your code doesn't provide timestamps or sequence numbers 6: An attacker can write to a data store your code relies on