Dammit, Microsoft! Can't you learn to write secure code...?
Oh, wait...
364 publicly visible posts • joined 15 Nov 2009
Right...
Can someone please wake me up when they find:
0- Something actually new.
1- Something that works from a random domain member with a regular user account. Or, worse yet, without a user account.
...?
Thank you.
PS. Note to Reg Editorial staff: Google is your friend.
PPS. Unless, of course, you were going for sure-fire click-bait. In which case: well done!
"But dogma is dogma".
In principle, yes.
But until such a time when absolute logic and reason prevail I, for one, would rather not lump all those who believe in things unseen together and fight them at once. There is a continuous spectrum of believers, and indiscriminate hostility towards them all only serves to radicalise more of the fringe cases who could otherwise at least be kept neutral.
Back on topic: While I would consider any proposals that claim otherwise, I cannot see how selective encryption is any more realistic than, say, selective road networks that would block Bad Guys from making a getaway after doing their nefarious deeds.
What should be emphasised in this context, I think, is that better communication and dissemination of ideas and their open discussion is probably exactly what would kill the likes of ISIS: their ideology does not even come close to holding up to close scrutiny, which should come as a surprise to absolutely no one sane. So the easier exposure to culture and ideas is for everyone on the planet, the harder their ilk would find it to spread their poison.
It's possible to save the recovery password of a BitLocker volume if you already have access to it, yes.
How is this a problem...?
The alternative would be the need to migrate all the data to a new volume if you lose the recovery password of an old one and are not comfortable with the idea of not having a recovery option.
Seems good to me. And TrueCrypt has been very thoroughly audited.
On the other hand, if your main concern is displaying due diligence in a court of law if you ever have to, you might want to consider if you want to go through the extra effort of defending your decision to continue using a software package after its unknown developers very publicly pulled it, saying that it is not secure...
I mean, you and I know it's secure; but will the judge...?
@WorBlux:
Thank you for the reply. Very interesting.
Looking at the documentation, I can see why the Linux zealots were reluctant to come forward, if this is the best Linux has to offer: it's not very user-friendly, is it?
But it's good to see that someone is working on this, at least. And it *is* an uncommon usage scenario, so it would be rather low priority for anyone -- be it Microsoft, or anyone else. Here's hoping it will reach a usable state, sometime soon.
@captain veg
Ah! I see now. Thank you very much for taking the time to reply.
Well, you're right that the update should still not show up, based on the KB. So I would bring that to Microsoft's attention, if I were you.
As for your setup, well, it's not how I would do it. And it's probably not in keeping with best practices. But I assume you have a good reason for doing it that way. After all, people don't deploy configurations that result in more work without a damned good reason!
What I would suggest is maybe a GPO to apply the required registry values to those machines you want to block GWX on. Seems simplest, and should work.
@captain veg:
I've read about this, but did not face it myself. I think probably because all my PCs are using Enterprise, which is not eligible for the upgrade anyway.
But I find it very interesting, so I would greatly appreciate it if you could please elaborate. In particular:
* Are the updates being received through WSUS or SCCM?
* What edition of Windows?
* Is the local user a normal, limited user?
"So, if I understand you correctly, you believe that it is OK that MicroSoft dropped the ball on this one because no other OS offers the same features?"
Fascinating! How did you arrive at that conclusion, please?
If you are referring to my asking about Linux, then I am afraid you are very much off base: I use Linux, and I would just like to know if I can use the hardware encryption capability of SEDs with Linux, is all. Do not read too deeply into what is really a very shallow question: there's only the surface layer.
Nice theory.
Except:
* BitLocker still works. And still does FDE, just not leveraging the HW of SEDs.
* Even that works, if you upgrade from Windows 10 RTM after already enabling hardware encryption. Just make sure you never turn it off, because you wouldn't be able to turn it back on!
Anyway, it seems like a minor bug, in the larger scheme of things. Hopefully it will be fixed soon because it's bloody annoying. But probably not very high on the list of priorities right now. I mean, how many people are impacted, would you imagine...? I'd guess it's not a high percentage of users!
I can speak about Windows somewhat usefully, as I have been using eDrive for a while, now:
* Can be done without TPM. You just need to supply the key on a UFD. Which seems stupid, if you ask me: store the key on the boot partition encrypted with a user-supplied password, FFS! Just as Linux does it (I think).
* BitLocker is still BitLocker. IE, recovery agents in AD, etc., if you want them. So very applicable in an enterprise environment. If AD is compromised, well, that's a resume-generating event, one way or another, isn't it...? So it's nothing one needs to worry about, IMO. ;-)
Here's some more info, if you'd care to read about it. I promise it's all fascinating stuff, for the slightly-paranoid:
* What SEDs are: http://arstechnica.com/civis/viewtopic.php?f=11&t=1243475
* How it's done on Windows: https://helgeklein.com/blog/2015/01/how-to-enable-bitlocker-hardware-encryption-with-ssd/
* Someone tinkering with stuff on Gentoo: https://forums.gentoo.org/viewtopic-t-1001902.html
Ah! Good question, actually.
An SED will optionally use a HW engine to encrypt all data written to it. But, what does that *really* mean? I mean, if the drive is completely encrypted, how do you boot from it? And where do you store the key? How, for that matter, do you pass the key to the decryption engine? Obviously you cannot store it on the drive itself! Etc., etc.
Microsoft's eDrive takes care of all this rather neatly and seamlessly, once its requirements are met. The only annoying thing, really, is the need to do a clean install of Windows to use it.
I am wondering if there's an equivalently painless process -- or a better one! -- for Linux, and I am hoping someone here will be able to help.
This is an annoying issue for those who use FDE, yes.
But installing RTM, enabling BitLocker and then doing an in-place upgrade to 10586 works fine. No need for any gradual updating. I know, as I just did this a few days ago.
BTW: how does one turn on the equivalent functionality (FDE using HW encryption on SED) on Linux, please?
@OldSoCalCoder:
"Unless you've built the whole thing you don't know if it's secure".
But I have! What did you think I meant by "full control"...? ;-)
You do have an excellent point regarding the need to have different levels of security. It's the sensible thing to do, really. Or so I think. May I suggest separate password stores for different levels of security, instead of a "one password to rule them all" approach? You can of course store the lower level store passwords in the most-secure store, so you don't lose access to even the less important passwords for more than a reasonable amount of time. If your life is complex enough, you may even have a hierarchy of password stores.
As to feeling so compelled to write a comment *right*now* that you would compromise security... Well, if you feel that way about security, then my advice to you is not to work in any field where it really matters... :-D
"Even that is insufficient to demonstrate a machine is not compromised".
True enough. Perfect security is not possible. Everyone knows that who knows anything about security. But security good enough for a specific application can be designed.
As stated above, any system not under my full control, any system whose filesystem can be accessed without me present, etc. is suspect. With regular audits of the cold data to check for past infections, telltales to check for suspicious activity and so on. This is more than good enough *for*me*.
Now, does that mean nation-state intelligence services cannot access my data...? Probably not. But on the other hand, they'd only have to ask. Honestly, I'd feel a bit flattered, give them full access and subtly highlight where my CV is stored...
As for malware in BIOSes and firmwares, I personally don't buy *that* particular yarn: if you think about it, what do said pieces of code have access to, anyway? Encrypted data in my case, that's what. Besides, where would they take it? Is it reasonable to assume the existence of code that can fit inside a few KiB of storage without impacting the functionality of the code that's supposed to already be in there and *still* be able to flawlessly subvert every single possible combination of HW and SW out there? Or even many of them? For Bob's sake, simple firmwares following a well-documented standard break on an OS upgrade! Check what happened with HyperX Predator PCIe SSDs and the Windows 10 upgrade, as an example. And let's not forget that my storage systems are several orders of magnitude faster than my already-saturated Internet connection. Or is the firmware supposed to be intelligent enough to pick only the interesting data...? I forgot; is this a firmware, or a supercomputer-on-a-chip...?
Anyway, if one decides to go down the rabbit-hole of full paranoia, where do they draw the line? How do *you* know that They cannot read/control your mind using satellites in orbit or whatever...? Got your tinfoil hat handy, have you? Or maybe it's the *tinfoil* through which they read minds!! The possibilities are endless, really, if feasibility and adherence to the laws of physics are not a concern.
So you want a password storage system that would expose only the single password you're accessing if it's accessed on a compromised system, eh...?
Well, that's rather simple to achieve, actually:
Just use a separate password store with a unique password for each password you want to store. Make sure the password store's password is more complex than the password stored.
Alternately, do not access password stores on any systems that are not known-secure.
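The compartmentalisation described in the post above, as an added example that is not part of the original comment: a "one password to rule them all" store is simulated beside a one-store-per-password design, and the exposure after a single access on a compromised host is measured for each. The cipher (an HMAC-SHA256 stream with PBKDF2 key derivation), the store classes, the entry names and all passwords are constructed for the demo and are assumptions, not anything from the thread.

```python
import hashlib
import hmac
import math
import os
import string

# Toy authenticated stream cipher from the standard library (demo assumption;
# a real store would use a vetted AEAD such as AES-GCM).
def derive_key(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000, dklen=32)

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return out[:length]

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered blob")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

class MonolithicStore:
    """Every entry is sealed under one master password (one salt, one key)."""
    def __init__(self):
        self.salt = os.urandom(16)
        self.entries = {}  # name -> sealed blob

    def put(self, name, secret, master_password):
        self.entries[name] = seal(derive_key(master_password, self.salt), secret.encode())

    def get(self, name, master_password):
        return unseal(derive_key(master_password, self.salt), self.entries[name]).decode()

class CompartmentedStore:
    """One separately-passworded store per entry, as the comment suggests.
    Two entries must never share a store password, or a capture exposes both."""
    def __init__(self):
        self.entries = {}  # name -> (salt, sealed blob)

    def put(self, name, secret, store_password):
        salt = os.urandom(16)
        self.entries[name] = (salt, seal(derive_key(store_password, salt), secret.encode()))

    def get(self, name, store_password):
        salt, blob = self.entries[name]
        return unseal(derive_key(store_password, salt), blob).decode()

def exposure_after_one_access(store, accessed_name, typed_password):
    """Simulate one legitimate access on a compromised host: assume the attacker
    captured the password typed for it plus the store file, then tried that
    password against every entry. Returns the names whose secrets fell out."""
    store.get(accessed_name, typed_password)  # the access the user actually made
    recovered = []
    for name in store.entries:
        try:
            store.get(name, typed_password)
            recovered.append(name)
        except ValueError:
            pass  # captured password does not open this entry
    return sorted(recovered)

def estimated_bits(password: str) -> float:
    """Rough strength estimate: length * log2(size of character classes used)."""
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation]
    pool = sum(len(c) for c in classes if any(ch in c for ch in password))
    return len(password) * math.log2(pool) if pool else 0.0

def store_password_is_stronger(store_password: str, stored_secret: str) -> bool:
    """The post's rule: the store's password must be stronger than what it holds."""
    return estimated_bits(store_password) > estimated_bits(stored_secret)

# Constructed sample data (not real credentials).
SAMPLE_SECRETS = {"bank": "hunter2", "email": "correct-horse", "forum": "pass1234"}
MASTER_PASSWORD = "Tr0ub4dor&3!x-master"
STORE_PASSWORDS = {"bank": "Vault!bank#2015-long", "email": "Vault!mail#2015-long", "forum": "Vault!forum#2015-long"}

def build_demo():
    mono, comp = MonolithicStore(), CompartmentedStore()
    for name, secret in SAMPLE_SECRETS.items():
        mono.put(name, secret, MASTER_PASSWORD)
        comp.put(name, secret, STORE_PASSWORDS[name])
    return mono, comp

if __name__ == "__main__":
    mono, comp = build_demo()
    print("monolithic, one access exposes:", exposure_after_one_access(mono, "forum", MASTER_PASSWORD))
    print("compartmented, one access exposes:", exposure_after_one_access(comp, "forum", STORE_PASSWORDS["forum"]))
```

Run as a script it reports that the monolithic store gives up every entry after a single captured access, while the compartmented store gives up only the entry that was opened; the strength check enforces the second half of the advice, that each store password must be harder to guess than the secret it protects.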
"It goes against a number of treaties and international customary law which already apply to the entire universe".
I don't know about that, really.
Maybe I've been watching/reading too much science fiction, but it seems to *me* that the only audacious thing going on is the author's assumption that any laws in existence today apply, in any meaningful sense of the word, to any part of the universe past Earth orbit... Akin to, say, a Pharaoh deeding the sun to his favourite son, etc.
A poor choice of phrasing on the part of the author.
I suspect the intention is that the gear could have failed while on its way out the door, if it had lasted just a bit longer. Which certainly would have been a better time for it to fail. Admittedly, any time prior to that seems just as bad for a failure of such a scale. Or so it seems to me, unless I am missing some nuances.
Microsoft bashing in an article about new RAM...
The sad thing is that this being the Register I am not surprised.
The sadder thing is that it is misplaced bashing: In fact, every Windows edition after Vista has been faster on the same hardware -- including amount of system RAM -- than the one preceding it. I am not sure the trend holds with Windows 10 Build 10586 as it's so new and I haven't installed it on enough machines to draw any meaningful conclusions, but it does hold for everything else.
Back on topic: Good $deity, I want some of those modules! Which body parts do I have to sell to afford them...?
Doing this kind of thing is bad.
Doing it *after* another major vendor and competitor was rightly nailed to the wall for doing pretty much the exact same thing is... well... I think Dell owes me a new BadSecurit-O-Meter.
This is why one should *always* do a complete wipe and reinstall of any new system. I don't care what it is: always wipe. Trust no one. If you can manage it, don't even trust yourself.
I think the rise of the more obtrusive ads is driven by the fact that while more benign ads would benefit the online ad industry as a whole, a more attention-grabbing ad immediately benefits the specific ad placer. At least in the short term.
Then, of course, there's an arms race, of sorts, and here we are.
Autonomous cars should clearly abide by all applicable rules when operating on public roads -- even during testing.
So if there is a rule saying something like "drive at least [x] MPH, if you can", then they should have been fined. Where things get complicated is if there isn't such a rule and things are left to the drivers' judgment: if the autonomous car -- or in this case Google -- "judged" that 25MPH is right, then what...?
There's no bug-free code. If you believe there is, then I have any number of bridges and famous landmarks to sell you.
printf("Hello World!");
...probably has plenty enough bugs in it. Presumably in the implementation of printf() or in other hidden code supporting it.
@Pompous Git:
I will now be promptly getting off of your lawn in a non-threatening manner, shall I...? ;-)
I don't know what the issue you're facing might be: I have a few clients who do not want to move away from Windows 7 just yet -- after all, they just upgraded from XP, you know...? :-D -- and their machines have been behaving as they should, once the required bits have been flipped and so on. Not one machine acting up.
All I can say is: If you were an MCP, then maybe Microsoft have a point in forcing this annoying mandatory recertification on us MCSEs...
I think that there's no conspiracy, here. At most, there might be some misunderstanding and maybe some mistakes regarding what the best approach is to keeping everyone up to date without aggravating them needlessly.
What there *is*, however, is a KB article addressing just these concerns voiced in this discussion:
https://support.microsoft.com/en-us/kb/3080351
"According to the original specs: 'The aircraft is designed to fly with one engine, one tail, one elevator, and half of one wing missing.', and with both of its dually redundant hydraulic systems out of action.
"Not to mention the half-a-ton of titanium armour..."
Oh, believe me, I know about the A-10. And I do love it. One favorite story:
https://en.wikipedia.org/wiki/Kim_Campbell_(pilot)
It's good to be able to survive being shot half-way to hell. But on the other hand, it is better not to be shot at in the first place.
If you think about it, it is exactly against adversaries with limited and outdated resources that the F-35 would shine: A modern army probably already has, or can come up with, ways to counter the F-35. On the other hand, someone with half-a-brain and lots of MANPADs but nothing else wouldn't be able to begin to touch something like the F-35, while they might at least be able to shoot at the A-10. And how many times would they have to get lucky before public opinion forces a pull-out...?
I quite like the A-10. And in some edge cases (IE, vs. ISIS), it is unequalled and unlikely to be equalled any time soon.
But having the capacity to deliver lots of bombs counts for very little if the plane cannot get to the battlefield in one piece. Or, for that matter, if it cannot get back out.
The kind of long-term loitering on the battlefield earlier comments seem to speak of is now, I believe, relegated to drones. Which can be deployed in larger numbers, can stay in the air longer and are, most importantly, much more disposable than an expensive fighter and its irreplaceable pilot.
As to the F-35 vs. A-10 trial, I think simply deploying AA in realistic numbers and varieties would well and truly bake the good old Warthog's goose. I can see no real need to artificially skew things, looking at things from the F-35's proponents' PoV.
"Using left shift for multiplication is fine so long as you know whether your operand is signed or unsigned beforehand".
Very true. And can you guess what this was...? :-)
Other compilers at the time (I think I ended up switching to some GCC derivative, but I may be mistaken) produced the appropriate code.
What I would like to know is this:
If the Gartner reports had under- instead of over-stated Pure's numbers, would they still not have corrected them?
Would they not at least have said something like "while we cannot disclose anything because [insert excuse], those numbers are way off and you should ignore them"...?
Ah, well:
Deniers gonna deny, one might say.
Thanks to all for so effectively illustrating the situation. And even more thanks to those few voices of reason: you make me think there might still be hope... But then I read the next comment.
For what it's worth, I personally wish the deniers were right. Because their being wrong means great social upheaval and suffering for millions, if not billions, of fellow humans the vast majority of whom did nothing to cause the problem.
But I am afraid the evidence does not bode well for either my wishes or their denial. The laws of physics are poorly affected by wishful thinking.