The HN crowd in particular absolutely has a say in this, given the amount of engineering leads, managers, and even just regular programmers/admins/etc that frequent here - all of whom contribute to making these decisions.
You have the power to not host your own infrastructure on aws and behind cloudflare, or in the case of an employer you have the power to fight against the voices arguing for the unsustainable status quo.
If you need DDoS mitigation then you essentially need to rely on a third party. Every third party will have inevitable downtime. For many it’s just whether you’d prefer to be down while everyone else is down or not.
After that, have a look at pcpartpicker.com, motherboards section. They have feature selectors, like number of usb ports, power connector type and so on. Very useful to find boards.
That's Windows doing that, which they've just compromised and then configured to display only the normal login prompt but send your credentials to the attacker.
They can also decrypt your hard drive by doing the same thing without modifying the original machine by just stealing it and leaving you a compromised one of the same model to also steal your password.
No, GP is misinterpreting Windows's message. It prompts for a recovery key because the TPM is bound to, among other things, Secure Boot == enabled. When Secure Boot is disabled, the TPM notices that and refuses to release the key, that's how you know to reënable Secure Boot or throw away your device.
The fact that Windows is compromised does not make it capable of extracting secrets from the TPM, though maybe a naïve user can be convinced to enter the recovery key anyway...
> When Secure Boot is disabled, the TPM notices that and refuses to release the key, that's how you know to reënable Secure Boot or throw away your device.
But the attacker isn't trying to get the key from the TPM right now, they're trying to get the credentials from the user. It's the same thing that happens with full disk encryption and no TPM. They can't read what's on the device without the secret but they can alter it.
So they alter it to boot a compromised Windows install -- not the original one -- and prompt for your credentials, which they then capture and use to unlock the original install.
They don't need secure boot to be turned on in order to do that, the original Windows install is never booted with it turned off and they can turn it back on later after they've captured your password. Or even leave it turned on but have it boot the second, compromised Windows install to capture your credentials with secure boot enabled.
How suspicious are you going to be if you enter your credentials and the next thing that happens is that Windows reboots "for updates" (into the original install instead of the compromised one)?
So this attack is to steal my Windows password or Windows Hello credentials, but doesn't get my encryption key...? That's...not ideal, but I think you'll see it's an improvement over unencrypted disks (again, TPMs are for people who can't be bothered to set a strong password).
And again this presupposes that you can disable Secure Boot, boot a malicious OS from another drive, fool the user into entering their password, automatically reboot, enable Secure Boot, boot into the legit OS, then come back later and have the ability to boot the OS yourself and log in as the user (because again, you don't have the decryption key, you have the user's login credentials).
You are also presupposing what the TPM is bound to. I don't use Windows, but using systemd-cryptsetup I could configure a TPM to bind to the drives in the system; in this way, it will refuse to boot my legit OS while your malicious disk is installed (well, it will demand a recovery key). Again, setting off alarm bells, and if I discover the disk with my recorded credentials before you can physically access it, I can just destroy it.
> And again this presupposes that you can disable Secure Boot, boot a malicious OS from another drive, fool the user into entering their password, automatically reboot, enable Secure Boot, boot into the legit OS, then come back later and have the ability to boot the OS yourself and log in as the user (because again, you don't have the decryption key, you have the user's login credentials).
But that's the same thing that happens with full disk encryption. They come get physical access to the machine but don't have the decryption key yet so they compromise the unencrypted part of the machine which is what prompts you for it, have that capture the key when you enter it, and now they have the key when they come back to use it.
If anything allowing the short password is even worse, because if you leave your machine in suspend you expect it to prompt for your unlock password but not the full disk encryption key when you come back, so the latter would be suspicious but the former doesn't let them unlock the disk, and now you're using the short password for both.
> You are also presupposing what the TPM is bound to. I don't use Windows, but using systemd-cryptsetup I could configure a TPM to bind to the drives in the system; in this way, it will refuse to boot my legit OS while your malicious disk is installed (well, it will demand a recovery key). Again, setting off alarm bells, and if I discover the disk with my recorded credentials before you can physically access it, I can just destroy it.
Except that it doesn't need to be installed once you're at that point. By then it has already captured your credentials and stored them or sent them to the attacker over the network, so it can disable that device right before it goes to boot into the original operating system.
Also notice that the original premise was to make it easy for ordinary users and now the workaround is to install Linux and change a setting that will confuse people as soon as they leave their own USB stick plugged into their computer.
> My parents are getting old and they aren't tech savvy. The missing piece here is that I want my parents to have a computer they can safely do their banking on, without leaving them vulnerable to scams and viruses and the like.
Purists always forget this point :) What is best for 99% of people.
That's what can be achieved by encapsulation/containerization of apps: a la flatpak, snaps, docker or VMs...
I found my parents to install random crappy adware apps from official stores too. What protects their banking application is granular permissions, not root access.
It will be exploited. Key word above - not tech savvy.
The only reason we have convenient banking, gov and streaming apps today is because of guaranteed and enforced mobile security by big boys Apple and Google. (Google being Ad company is another matter, not relevant here).
No, we have convenient online services in spite of the endless security theater that permeates consumer tech. All it's done is gradually increase maintenance burden and technical complexity until useful features are slowly stripped out to create a more "streamlined" experience. The mobile app for my credit union has become so shitty that I'm not even sure if losing access to it is a deal-breaker for rooting my phone - I already prefer to do my online banking and shopping on my laptop.
There is no "just works" technical solution for a problem caused mainly by naivete and gullibility. Governments and the private sector know this, of course; as others have said, the real purpose is to control users, not to protect them.
Why is the banking server trusting the client? Thats criminally incompetent security. If your website gets hacked because a client had "root" whose fault is it?
I see the cause of confusion. I was assuming and talking about the case of the legitimate user have a root/non locked down device as being imputed as the "attacker". I don't think he was talking about other people stealing or having acces to your device. And in any case, all bets are off then if you meant that scenario. At least with a browser user can choose not to save passwords and the attacker won't get bank creds, so even in that case a web app would be better.
If we have to always appeal to the lowest of the low, the stupidest of the stupidest, then society sucks ass.
What's even the point of me being alive is I can't do anything that isn't completely idiot-proof and made for goo goo ga ga users?
Look, I get it. Think of the children! Think of the granny!
But I'm not a child, I'm an adult. I would like to be treated as such. Otherwise what the fuck are we even doing here? Why can't I just live in daycare forever? Why am I paying bills?
Awesome! Now erase your Truenas, install XCP-ng, passthrough the LSI to the TrueNas VM :)