> A vouch option for Flagged submissions would be appreciated.
AFAIK, upvoting a flagged submission cancels out the flagging to some extent. I don’t know the internals of how this process works. I’ve upvoted the submission in an effort to get it unflagged (it still may not get to the front page or may rapidly drop down though).
> United States using its military to keep international waters open
Being a little pedantic, as per my knowledge, the Strait of Hormuz is not “international waters”. It’s territorial waters belonging to Iran and Oman. AFAIK, Iran hasn’t ratified UNCLOS either, and claims it is not subject to it.
> It’s territorial waters belonging to Iran and Oman.
The trick is that it's still an 'international strait', or a segment of water that forms the only connection between two areas of high seas -- in this case the Persian Gulf and the Gulf of Oman. The principle of freedom of navigation establishes that innocent traffic (civilian traffic, and even warships in peacetime) have a right to use the strait to go from one body of international water to the other.
Iran may claim that it doesn't have to abide by that right, but international law is never self-executing. One question to be resolved by this war is whether Iran will ultimately recognize the right to navigation in any settlement (and then choose to abide by said settlement).
As the nation that was attacked first, They have an unimpeachable argument for wanting to defend the rest of their territorial waters. The ludicrously escalatory rhetoric from the US President has turned this into an existential conflict. I can't take finger-wagging against Iran seriously to be honest, the idea that western powers would scrupulously adhere to international mores if subjected to a full-on kinetic attack by another nation state is absurd on its face.
One can argue that they have a "good reason" for ignoring international rules, but I would voice a risk here. Other nations that control important straits are watching what is happening and many of them could benefit more by taxing their straits than allowing free passage, and as more do it, the benefit only increase. It is a kind of prisoner dilemma in that defecting becomes the best strategy as soon anyone else start defecting.
As with other recent trade wars, the value of this kind of behavior goes down when other nations start to retaliate. A ship might be able to pay the insurance from Iran, but can they afford to pay the same fee for each time they pass some other nations territorial waters? At some point the US blockade won't matter and the profitability of the venture will be zero.
> They have an unimpeachable argument for wanting to defend the rest of their territorial waters
They are shooting down neutral tankers outside of their territorial water, so stop with the bullshit. If they only shot ships in their own waters traffic in Hormuz would already have returned to normal.
> the idea that western powers would scrupulously adhere to international mores if subjected to a full-on kinetic attack by another nation state is absurd on its face.
We know they are, we have Ukraine as an example they don't start attacking neutral nations civilian vessels just because Russia attacked them. Only evil regimes do that, you don't "defend yourself" by committing terrorism against innocent neutral country ships that aren't shipping anything related to the country you are fighting.
There is no reason at all for Iran to start shooting ad Indian ships just because USA attacked Iran, no western nation would defend themselves that way, many western nations has been attacked and conquered in history so we know how they act.
Ukraine doesn't have a strategic choke point that gives them asymmetric economic leverage. Imagine that Brazil's and the world's economy was intrinsically linked to exports from the Mediterranean region, and China decided to launch a full-on war against Spain in concert with Belgium. What do you think Spain would do, sit there and suffer or make use of its geography? How do you think Spain came to be a powerful nation in the first place?
> evil
GMAFB, the US launched this war in a joint effort with Israel and smoked a school full of children on the very first day. Iran is pursuing its strategic interests by exploiting its geography and inflicting pain on countries on the other side of the Persian gulf who chose to ally themselves with the US and allow the US to bases from which to launch war.
You're saying international law has no value to iran because the US and Isreal have no violated it. Im saying Iran commited to violating international law long ago and thus in a war with Iran no one would expect international law to be followed by either party. Sounds like you agree with the last part but maybe disagree with the first claim?
America violated international law many times, from well before. Vietnam, Iraq, Afghanistan, Abu Ghraib, etc etc etc
But when talking about international law in this instance, America started the aggression, which was a breach of International Law itself, so why should Iran abide by it?
> The principle of freedom of navigation establishes that innocent traffic
"freedom of navigation" seems to be from UNCLUS no? So why should a country (Iran) that didn't ratify UNCLUS care about the terms it binds it's signatories to?
If Iran doesn't want to observe the terms of the UNCLOS (regardless of whether they have ratified it or not) then their territorial waters claims revert to the older 3NM limit. They can't have it both ways. Of course, in practice those legalisms don't matter without a means of enforcement.
It's prohibited under international law to attack a sovereign nation, like the US has done to Iran, so the point of Iran closing the Strait in response to this is very much moot.
Naval blockades of enemy ports during war are legal, that is what USA and Israel argue they are doing. That is not what Iran is doing, they are blocking fully neutral ships from going in other countries waterways.
US at war? We are past the 60 days for a military operation. From US law perspective, it’s illegal. From the constitutional perspective only congress can declare war which they haven’t.
International law only applies when you ratify a treaty so it becomes domestic law. Thats how treaties work, they actually laws of the country hence the term ratification into domestic law. Why US doesn't violate international law on land mines and cluster bombs. US never signed that treaty.
And Iran is blocking a strategic chokepoint during a war of defense, pressuring their enemies due to the war being illegal and unprovoked. See how easy it is to argue?
All straits other than the Bosporus (which has some additional rights to Turkey given the proximity to a major city) are international waters for the purposes of free transit, under the Montreux Convention.
It is ridiculous that countries like Australia (a party to a convention) have a say in whether Turkey should or should not pass ships through the strait. This looks like a legacy of colonization era. This convention should be repelled, and the new agreement should be made by Russia and Turkey and other Black sea countries ignoring the interests of colonizers.
The US is is not blocking the Strait of Hormuz. There don't appear to be any US warships even in the Strait at the moment. What the US is doing is enforcing a partial blockade against Iran, largely in waters southeast of the Strait. We can argue about whether this is a good policy but let's not make things up.
Wikipedia says it's been Iranian/Omani territorial waters for quite a while:
> In 1959, Iran altered the legal status of the strait by expanding its territorial sea to 12 nmi (22 km) and declaring it would recognize only transit by innocent passage through the newly expanded area. In 1972, Oman also expanded its territorial sea to 12 nmi (22 km) by decree. Thus, by 1972, the Strait of Hormuz was completely "closed" by the combined territorial waters of Iran and Oman.
Wikipedia does not say that the Strait is Iranian/Omani territorial waters. Wikipedia says that Iran and Oman claim that the Strait is Iranian/Omani territorial waters.
The Strait may well have some, but the traffic separation scheme for shipping is absolutely in Omani territorial waters, and another part of traversing the Strait includes passing through Iranian territorial waters.
No, the route is entirely outside of Iranian waters. They attacked ships that were in Oman waters and put mines in Oman waters and now shoot at anyone trying to removing those mines in Oman waters. Nobody, not even the Iranian government, claims that is their water.
I feel glad that I never went paid (though I do pay for software and services). Bitwarden always seemed laggy: both the development pace and the iOS app (though the latter improved a bit only in the last two years). The moment Bitwarden took VC funding ($100 million?), it was clear that it would “pivot” to enterprise, raise prices for consumers and do other things that describe enshittification. It’s probably in the same league as 1Password (another scummy company with similar practices and deteriorating applications).
On password managers, anyone using ProtonPass want to chime in on how it is? I’ve read online that Proton (as a company) has a tendency to start working on new things all the time and let the ones they created remain half baked and languishing (to some extent).
I’m not into KeePass and other local password managers since I need a shared solution for multiple people using the same vault.
The BitLocker exploit seems simple and very dangerous. Companies and individuals have been relying on BitLocker to protect information if the device is lost. Despite promises, Microsoft doesn’t seem to be serious about security.
What will it take for more companies to truly understand their risks with Windows and being locked into Microsoft’s platforms?
Note that RedSun and Bluehammer were silently patched, with no response to the CVEs by Microsoft, and not accrediting the researcher's work.
That's what this is about. Microsoft doing bad security practices while trying to get away with it, leading to this outcome.
The researcher also claims to have another version ready which allows to also bypass TPM+PIN via a similar backdoor, which I'm inclined to believe.
Why do I believe that? 5 ring 0 zero days within 3 months are so statistically unlikely to be found, by the same person, in such a short time. Whoever this person is really knows their exploits, and must be in the league of Juan Sacco.
the only way to bypass PIN would be an actual backdoor in Bitlocker. no way around that. an actual backdoor in microsoft encryption was never documented, and there are Snowden documents showing FBI pressing Microsoft into introducing one and Microsoft refusing
You're assuming the PIN was ever connected to the key itself in the first place. We don't know how that mechanism works, it could just be a totally separate gate that IS bypassable.
We can just do research to figure that out? The recent trend towards conspiracy theories against things that are trivially discoverable is so frustrating.
The article shows that the PIN-entangled key material can still be downloaded directly from the TPM.
This means it's vulnerable to an offline bruteforce attack to derive the PIN.
So it's still doable, even in an automated fashion, just slower.
With today's multi-GPU cloud systems available to everyone with a credit card, you can probably crack the default-length 6-digit PIN the same day you extract the key protector.
I'm glad we were able to move past "We don't know how that mechanism works, it could just be a totally separate gate that IS bypassable" and into the actual way the mechanism works!
> The article shows that the PIN-entangled key material can still be downloaded directly from the TPM.
Not exactly, the TPM has PolicyAuthValue(PIN), so the PIN also needs to be provided to the TPM to unseal the material, and the hardware anti-hammering should prevent brute forcing it this way. The blog post documents dumping the PIN-entangled key material by MITM-ing the TPM communication while a user enters the PIN; the entanglement is a belt-and-suspenders approach.
Where are you seeing that? I can't find it in the article.
It wouldn't make sense to me for that to be the case if the article details how the driver does it own unwrapping/decryption after the KP is extracted. Plus it would probably mean they're lying about TPM+PIN being defeatable.
> The blog post documents dumping the PIN-entangled key material by MITM-ing the TPM communication while a user enters the PIN
I really don't think so... the screenshot with the PIN entry I think was only for hooking his debugger up in order to reverse the driver's decryption process. I don't see where they mention how/when the KP is actually extracted. It looks to me like it's transmitted during boot _before_ the PIN entry, so that the software driver can decrypt it after the user enters the PIN.
They list the steps as:
1. Extract TPM data. The TPM data is encrypted Key Protector (aka KP).
2. Generate the decryption key of KP
3. Decrypt KP
4. Extracting encrypted VMK
5. Decrypt VMK using KP
I didn't see anything about needing to enter a PIN in order to get the TPM data.
If the TPM required a PIN to extract anything, I think there would be no need to manually decrypt anything in software as they show with the python code.
Of course I could be wrong... please feel free to provide more info.
> If the TPM required a PIN to extract anything, I think there would be no need to manually decrypt anything in software as they show with the python code.
Like I specifically pointed out, it's belt and suspenders.
> Of course I could be wrong... please feel free to provide more info.
> Indeed, by analysing the decryption process, it appears that the user’s PIN is sent to the TPM which releases the intermediate key only if the provided secret is correct, thus effectively preventing offline bruteforce attacks.
> Secondly, no data is returned when the PIN is incorrect, which indicates that the PIN or a derivative is sent to the TPM for verification.
Interesting... I wonder why that wasn't mentioned in the previous article, and why an intermediate key is even necessary in the first place. Not sure what you mean by belt and suspenders by the way.
Now I have to wonder if the exploit author's definition of "it works with a PIN" is simply "it works if you enter the correct PIN" and just somehow left out that important detail... I don't know. Perhaps everyone is just guessing that they meant it's possible to exploit without knowing the PIN at all.
I suppose they could be lying too, but I would hope they would be smarter than that given their apparently successful track record /shrug
> I wonder why that wasn't mentioned in the previous article, and why an intermediate key is even necessary in the first place. Not sure what you mean by belt and suspenders by the way.
Belt and suspenders = the industry standard term for "you have one protection you rely on, you add a second that should help." Stuff like ASLR, for example. Or in this case, the stretched key material. The belt is the TPM PIN anti-hammering, the suspenders are the key stretch / entanglement.
> Perhaps everyone is just guessing that they meant it's possible to exploit without knowing the PIN at all. I suppose they could be lying too, but I would hope they would be smarter than that given their apparently successful track record /shrug
Trusting the word of exploit developers, especially random anime avatars on GitHub, is always a bad idea no matter the recent track record. Self promotion is very powerful in the security industry and every claim deserves independent research; that's at least half of the original point I was trying to make about conspiracy theories.
Personally, I suspect the exploit author had a disk with multiple enrollments in addition to the TPM + PIN one, and broke a parallel strategy.
It's not clear why I'd trust a company with decades of track record of being exploitable and a trillion dollar reputation to prop up over an anime avatar with a track record of finding exploits.
I've watched my work laptop reboot in the middle of installing Windows Updates without prompting me for a Bitlocker key. It seems obvious to even the casual observer that the pin isn't always required.
I don't remember which updates triggered it, but that was September 2015.
From the perspective of the TPM, I have now learned that it is required for it to release the key.
Perhaps those updates didn't really reboot in the traditional sense. If you turn the machine fully off and then back on, and it still doesn't ask for a PIN... now you have my attention.
Bitlocker can be "paused", which really means the key is written unprotected to disk. This can be done by the user, but also happens temporarily during updates that would change bootchain measurements, because those measurements are used by the TPM to decrypt the key (hence changing them would make the key undecipherable).
I can see someone taking advantage of that under the assumption you can get the machine to update while it's powered on (and already unlocked)... but hopefully that's not what they're calling "TPM+PIN is vulnerable too".
> the only way to bypass PIN would be an actual backdoor in Bitlocker. no way around that. an actual backdoor in microsoft encryption was never documented, and there are Snowden documents showing FBI pressing Microsoft into introducing one and Microsoft refusing
A USB stick containing a masterkey to decrypt a bitlocker volume is literally the definition of a backdoor.
Smells like a compromise. Microsoft enables BitLocker by default, thus protecting companies and users at scale. But the price is a backdoor they hope noone finds.
Someone else claimed this doesn't affect people who actually care about security and enable boot-time password protection.
> no, to access a bitlocker volume which automatically decrypts
> thats an LPE, not an encryption backdoor
No. RedSun and Bluehammer were LPEs
> the USB stick doesnt decrypt bitlocker, it just gives you root after bitlocker was AUTOMATICALLY decrypted
No, that's not what the bypass does. Maybe go try it out and verify it before you come to your quickly made conclusions?
It's not tied to "automatically decrypted" volumes, whatever that would imply for your setup requiring a pretty pointless TPM keystore for that.
If your case were true, it would also imply that any bitlocker cryptography never really worked because it was automatically decryptable without the need for a password/hash/whatever to get your keys from the keystore, which actually makes it so much worse. Even worse than the previously known coldboot attacks.
Linux can decrypt BitLocker-encrypted drives. The cryptography is known and solid. The issue is that, as 'aiscoming says, its surroundings in Windows make the quality of the cryptography irrelevant.
In the default BitLocker configuration, Windows puts all the key material in the TPM, locked behind the usual trusted-boot stuff: known-good BIOS hashes the bootloader and tells the TPM, bootloader hashes the kernel and tells the TPM, kernel hashes the initial process and tells the TPM, (I’m not sure how far it goes in this specific application,) and at the end of it the TPM won’t release the keys unless the entire chain was correct. This process does (modulo TPM flaws) ensure the disk will only be decryptable when in the original computer running the original OS. It does not ensure that the original OS will not subsequently give a root shell to anyone who walks up to the keyboard and types in a cheat code, and that’s essentially what’s happening here.
Celebrite et al. take a similar approach: after your Android phone boots and you first enter your PIN (which, unlike with BitLocker defaults, is required to unlock the TPM, thus the distinguished status of “before first unlock” aka BFU vs “after first unlock” aka AFU), the key material is already in RAM and breaking dm-crypt is not necessary; all that’s needed is find a USB stack vulnerability or a Bluetooth stack vulnerability or whatnot that can be leveraged into a root shell.
Note that Microsoft did take the “Linux can decrypt drives in TPM-only” scenario into account. If any UEFI settings are changed related to stuff like boot order, the computer is supposed to see that the settings have changed and require the recovery password to unlock the volume. Knowing the quality of vendor firmware implementation, I’m not sure how well this works in practice.
Agreed that the default Bitlocker config is much less secure than having a PIN at boot time due to the amount of code that gets run.
Microsoft has never seemed to treat bitlocker seriously.
Back in the windows 7 days you could stick a windows installer CD in and press Shift+F7 or something and get a system command prompt with the drive unlocked.
Surely when someone said 'we're gonna let the installer unlock bitlocker' they immediately thought 'That means the whole installer needs to be as secure as the login screen' right? Seemingly not.
> Back in the windows 7 days you could stick a windows installer CD in and press Shift+F7 or something and get a system command prompt with the drive unlocked.
On my birthday iirc once long time ago I think in 5-6th class not sure, my brother gave me his laptop, I wanted to do python but python wanted admin password on windows to install properly. So what I did was I dont even remember how, but download one operating system which could then crack the windows password so that I can set new and I used that to then set a new password to then install python. to then only print hello world :D (I think only because one of the cousins I really admire mentioned that he made 2k loc of python once and I thought during that time, python is the endgame). We are talking about windows 7 but I think that windows 10 security must've gotten better. So these are some things that I have done, I wouldn't call it coding as much as tinkering but I love doing these things from as long as I can remember :D
> What will it take for more companies to truly understand their risks with Windows and being locked into Microsoft’s platforms?
What? Most Linux distributions don't even enable FDE by default, and even when they do, they frequently use the exact same system as BitLocker (automated unlock sealed to TPM PCRs) with the exact same vulnerabilities (any signed OS image with a postboot authentication bypass gets you the disk content, as does any method for inspecting the state of system memory). This is an architectural tradeoff you can make on any platform and has nothing to do with "lock in."
It's straightforward to configure BitLocker disk encryption to be more secure, but it creates enormous headaches for admins, so they don't do it.
I do think that Apple have some better security defaults for FileVault ("enabling" FileVault basically consists of wrapping the existing hardware UID entangled key with the user's password as well) but this strategy does create big issues with remote password rotation or delegated authentication (ie, Active Directory), which is probably why Microsoft don't choose it as a default.
>Most Linux distributions don't even enable FDE by default, and even when they do, they frequently use the exact same system as BitLocker (automated unlock sealed to TPM PCRs)
Do they? Any time I've done FDE it's always been luks with a password, I've never seen one go for TPM by default!
I've only recently implemented luks+TPM on a personal laptop (and that was a PITA to do).
Ubuntu does this with Hardware Backed Encryption option in the installer, which I think they’re trying to move up the list (it’s already the default in Ubuntu Core, which makes sense for that application).
I didn’t find it too difficult to set up TPM backed encryption on Arch using systemd-cryptenroll for my home server, although for anything I use interactively I just use a passphrase instead.
Given that the other two vulns were silently patched, no CVE, basically screams this is a backdoor.
If this is a fed mandated backdoor, I guarantee Microsoft/Windows isn't the only one either, they are just the only/first ones to get caught. I'd be suspicious about every single commercial, closed source operating system or encryption product in the US right now.
Along with other facets of this, what are the odds a "bug" would also automatically erase evidence of itself from the bootable USB stick when it activates?
If it's replaying a filesystem transaction like others have said, I can see where it makes sense to erase the files afterwards. You don't want the same transaction replayed twice.
The basic design of the most common mode of operation for bitlocker, where the TPM hands over the deception keys to the drive when Windows boots without requiring a PIN or anything, indicates how unserious they are.
It seems undeniably a backdoor, why on earth would a very specific folder/file name and a specific boot combination just "magically" open up an encrypted drive.
It also doesn't help this comes from a person who likely was close to the development at Microsoft (one way or another) as their recent disclosures are quite alarming.
Of course, this could technically be the stars aligning type bug, but it seems like a purposefully planted backdoor to me.
Just booting opens up the encrypted drive. Windows gets the key out of the TPM.
Which leaves an enormous attack surface. If you can break Windows before logging in, you can effectively bypass bitlocker.
"Windows loads some file in System Volume Information automatically" is not evidence of a backdoor. And you have to put specific exploit files in there to turn this into an attack. You don't just make the folder.
It's still possible this is a backdoor, I guess, but there's nothing as blatant as you're implying.
I’m subscribed to Infuse Pro for several years now, and I agree it’s one of the top purchases I’ve made (and keep paying for).
The lists, drive shares and libraries on Infuse are more than enough for me. I didn’t have an interest in adding Plex or Jellyfin (or Emby?) to the mix.
> It's a wonder that cells get anything done at all.
> The first time I did these calculations, I felt an intense appreciation for biology. And now, I want everyone else to feel the same. We ought to teach students of biology to think as mathematicians: to carefully quantify biology, to think in absolute units, and to develop a feeling for the organism.
It was interesting to read this article, but I think I would’ve understood a lot more if this entire piece had been (or were) an animated video that described it. Text and a few animations don’t do enough justice for the passion, knowledge and detail that’s in this article, IMO.
I can’t help but agree on the points made in this post. I don’t want the pain of Windows (or another non-Apple OS), but Apple isn’t making it easy to recommend its software on the quality front. If John Ternus puts more focus on what Craig Federighi and Eddy Cue aren’t doing, there is a chance for Apple to make its software better.
As I said in another comment here, when things just work, it seems magical and awesome. But the same areas where deep integration creates the magic is often riddled with a lot of bugs. I report many issues to Apple and follow up those reports with updated information, but most of them don’t get any attention. I don’t have a mental model for where all the feedback and issues go to and who looks at them or takes ownership of them.
> While I don't doubt they do happen to some unfortunate users, it's important that they report it so that Apple can troubleshoot. It could very well be that, much like myself, nobody at Apple is seeing this, and therefore it's not investigated.
I report a lot of nagging issues to Apple through Feedback Assistant. I keep updating the same issues and provide instructions as well as the device diagnostics and any photos/videos. But almost all of them don’t see any kind of action at Apple. They just linger on for years. Only if it’s an OS crash or an important Apple app crashing, it may get some attention.
There are many instances when “things just work” and it seems magical, but in those same areas, there are often too many bugs and issues where one has to do this whole dance of restart, re-pair devices and so on. It used to be that Windows was the butt of frequent jokes on restarting, but Apple’s software has gotten closer to that in many aspects.
I personally suspect that Apple doesn’t have a dedicated and good QA in place. There doesn’t seem to be a push from the top down for software quality. That attention to detail that Apple was famous for is missing on software quality.
I'm 1 for 1 on Feedback Assistant. I reported a flaky 10 year old thunderbolt display to them a few years ago, thinking I was probably just shouting into a black hole. It took them six months, but they actually responded to it with a diagnosis (bad hardware) and a workaround so I didn't have to trash the display.
AFAIK, upvoting a flagged submission cancels out the flagging to some extent. I don’t know the internals of how this process works. I’ve upvoted the submission in an effort to get it unflagged (it still may not get to the front page or may rapidly drop down though).
reply