New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
All this drama for his Internet Explorer looking web browser?
Pffftt.. need something more serious & important, pass.
"Unencrypted" barely even matters there. The host also has access to the memory of the VMs, so extracting any full-disk encryption keys is trivial.
Obviously it is impossible to protect VM from actions performed by node admin.
But still there are differences between encrypted/unencrypted. First one being that it 100% identifies malicious intent from provider. Just looking at VM disk can be explained by administrative/support purposes, breaking encryption cannot. Second one - it still requires some extra effort/skill.
Also for me personally reason to encrypt is not protecting against "evil provider", but against someone pulling data from hdd's sold on ebay and such.
let me just assure you it is trivial.
This is an irrelevant technicality in nearly every case, especially in the low-end hosting industry, where pretty much nobody ever goes to court over anything.
It requires running two commands instead of one. There are automated tools for extracting secrets from RAM.
Sure, that's a valid reason to do full-disk encryption. So long as you understand that the encryption is basically only useful for at-rest encryption (which means not for an active service), it can be a perfectly valid choice. Just don't underestimate how trivial it is to bypass it on a live system.
A master key? To his windows install? I'm going back to bed.
I'll let my own reputation and long history of supporting my customers do the talking on this one.
We have tickets from him where he admits he didnt login to the server "for ages". Theres been plenty of nasty as hell exploits over the years and he got popped in 2017.
Theres been multiple RDP exploits in the past year, nevermind stuff like wannacry and similar.
Whatever
Francisco
No need to defend yourself, Master Fran.
Anyone with an ounce of a brain can see that the guy is shitting in his pants to divert the heat from him.
It's cristal clear to me that @Francisco saw an opportunity to dominate the world by changing ShitMoonBrowser's code, invading an twisting his own network of Windows 3.11 BuyVMs. In his diabolic mind, he wanted to change the moon's course by sending a DDoS attack from all corrupted browsers. Luckily he was busted and decided to go back to bed and now this non sense thread can be finally closed.
I feel like hacking a single specific mirror by the provider for no gain that gets 1 download a year and no one notices it's compromised for 2 years because no one downloads it is really stupid and pointless.
There are much easier targets to replace a binary. Their official downloads page basically eschews the free software hosting and build services/CI/etc to produce this:
And they don't enforce HTTPS and default to HTTP and the author has argued about how he won't enforce or redirect to HTTPS either.
There are security through obscurity methods, such as various Digital Restrictions Management schemes, that make it non-trivial to bypass encryption. It's not security, but deterrence.
DRM systems have absolutely nothing to do with full-disk encryption. They're entirely different systems with entirely different technical characteristics, and most importantly, the (very limited) 'deterrence' effect of DRM is not portable to FDE.
So no, FDE remains trivially easy to get around on a live system when you control the host node, and always will be.
No, it's not portable to FDE, but the DRM scheme is applicable to sensitive data (for DRM it's a movie file, but for VPS it can be a database or virtual disk).
In my estimation, the characteristic that AES key never appears in the RAM in full is an effective (albeit very limited) deterrence for most low-end hosting providers.
don't blanket blame Americans you idiot
If what Fran says is the case, disk encryption or any other measures are beyond this person's thinking. It sounds like this person might not have even been keeping up with Windows patches. Where I work, we have rolling downtimes on our Windows servers once a month. If this person had a habit of not logging into a server "for ages", who knows what exploits he/she ignored?
Well, to be reasonably fair, I believe it was an archive server that got hacked.
If the team is small or even one man, chances are that such a server is overlooked.
Though, from what I can tell from blame-shifting game he is pulling, he is pretty much incapable of anything.
some people don't have clue what you are talking as much easier to pretend to be stupid - tell that is complicated and blame someone else.
This is why I never understood the whole "bare metal kvm". Defeats the security of a properly configured dedicated server.
I've also been considering moving my KVMs to a dedicated server for this reason but it's such a pain i the ass to deal with a failure of a dedicated server.
I need more research into how to setup an easy to maintain virtual system on a dedicated server. Esx came to mind but backing it up became also annoying. Need a solution thatcan work well with a deduplication backup platform
I'd suggest Proxmox, got it running on about a dozen servers at this point. Not sure about de-duped backups, never attempted that, but it might be possible.
This is specifically why you digitally sign your releases. This developer sounds like a risk to his users
@Francisco fucked my bitch I concur
Fake news.
I'm not into furry stuff.
Francisco
Pale moon been sippin' lean
Seems like the moon is extra pale with this one..
pale moon off the sizzurp
my bitch waxes, @Francisco
thank u v much
issue my direct admin license thnx
thing is .... when their weak shit eventually, inevitably gets pwned yet again
will they still be looking to blame Francisco for their woes ...?
Seems to be the epitome of insecurity ...
A poster-child of vulnerability, if you will.
(Or even if you won't - it don't make no nevermind to me!)
What about during the winter?
my bitch still finna wax the beaver fur
Ya bitch does the brazilian wax style?