Don't mess up secure boot with bitlocker - eviltoast
  • AmbiguousProps@lemmy.today
    link
    fedilink
    English
    arrow-up
    62
    ·
    5 months ago

    Remember, always print your recovery code to pdf and save it to the same drive. This way, when it happens, you’re forced to only use Linux.

  • ObsidianZed@lemmy.world
    link
    fedilink
    arrow-up
    27
    arrow-down
    1
    ·
    edit-2
    5 months ago

    So malware wasn’t enough, Windows wants to be a ransomware too?

    Edit: I can already see it now. “Locked out of your files? For a small fee or our premium subscription, you can restore encrypted files that we lost.”

  • Magister@lemmy.world
    link
    fedilink
    arrow-up
    21
    ·
    5 months ago

    I Always save the bitlocker info on a usb drive, in case of… I had to type the 40 or so digits a couple of time!

  • pelotron@midwest.social
    link
    fedilink
    English
    arrow-up
    20
    ·
    5 months ago

    My wife asked me to help her with her Windows laptop one day. She was stuck at the bitlocker prompt and of course didn’t remember enabling it or being given a password. I was like, WTF, they’re just randomly turning this on by surprise now? LOL

    Luckily she was able to eventually get it unlocked by calling MS support.

    • cley_faye@lemmy.world
      link
      fedilink
      arrow-up
      30
      ·
      5 months ago

      I like the “encryption, but we have the keys” approach. Makes it very secure, especially since MS never had any security breach or leak, ever.

      • lud@lemm.ee
        link
        fedilink
        arrow-up
        8
        arrow-down
        1
        ·
        5 months ago

        It’s obviously mainly supposed to protect against basic thieves in this configuration.

  • Mark@lemmy.ca
    link
    fedilink
    English
    arrow-up
    17
    ·
    5 months ago

    The bit locker key is saved to the Microsoft account of the user who set up the computer. I was messing with Linux on my new laptop and learned the hard way when it refused to boot back into Windows.

    • ZMonster@lemmy.world
      link
      fedilink
      arrow-up
      9
      arrow-down
      1
      ·
      5 months ago

      My favorite was finding out that bit locker was enabled on a forced update. The key was saved to the Microsoft account that was used to set up the lappy. Except, I didn’t use a Microsoft account because I’m not some tech marionette lemming who needs Gates hand shoved up my ass to tell me how to use my fucking computer. So I used a local account and disabled bitlocker via bios.

      Nothing was lost, but it was still a pain in the dick hole.

  • Xephonian@retrolemmy.com
    link
    fedilink
    arrow-up
    3
    arrow-down
    38
    ·
    edit-2
    5 months ago

    This ‘encrypt’ everything is such a waste of CPU and energy. Plus “oops, all your files are gone, tee hee.” HTTPS everywhere is fucking stupid. More complexity for zero benefit.

      • Xephonian@retrolemmy.com
        link
        fedilink
        arrow-up
        2
        arrow-down
        16
        ·
        5 months ago

        Great for my banking website.

        Not at all important my my IOT sensor network.

        Not EVERYTHING needs to be HTTPS

          • Xephonian@retrolemmy.com
            link
            fedilink
            arrow-up
            2
            arrow-down
            12
            ·
            5 months ago

            You think your data is secure with HTTPS? There’s always an undisclosed vulnerability somewhere.

            Patches solve specific issues but they do nothing for overall security.

            • Possibly linux@lemmy.zipOP
              link
              fedilink
              English
              arrow-up
              8
              arrow-down
              1
              ·
              5 months ago

              I don’t think there is any vulnerability in https. There are know limitations but https itself is fine. If you are talking about TLS vulnerabilities then we have much more to worry about. To compromise the content on a page someone would have to brute force TLS very fast which isn’t feasible with today’s computer. Today’s computer would take at least a few million years. But I have scene estimates that say long past the heat death of the universe.

              Even if https was full of holes it still would be better than http. Http has zero tamper protections or encryption. Companies like AT&T used to tamper with traffic to various purposes and it was feasible for them to do so.

                • Possibly linux@lemmy.zipOP
                  link
                  fedilink
                  English
                  arrow-up
                  5
                  arrow-down
                  1
                  ·
                  edit-2
                  5 months ago

                  TLS could be the most flawed system on Earth and it would still be better than no TLS. Plain traffic is just that, plain. I can do whatever I want to your web browser as I can arbitrarily change the contents of websites. I can make a page be full of ads or do more malicious things such as replacing a page with a phishing site or running something like beef which allows me to have full control of a browser and to pull all information. I could also exploit any vulnerabilities in the browser to do privilege escalation although to be fair major security CVEs are rare.

                  This is literally a community about privacy. I don’t understand why you wouldn’t want https. It works out of the box and it is implemented pretty much everywhere. If a site doesn’t use it that site isn’t really worth using as it take very little time to setup with Let’s encrypt.

              • Xephonian@retrolemmy.com
                link
                fedilink
                arrow-up
                1
                arrow-down
                13
                ·
                edit-2
                5 months ago

                Oh look, we’ve found a security ‘researcher’. Mad that your job only consists of making other people’s job harder?

                Try the DMV, that’s also a great place to work where you can inflict misery on others.

                Valuable zero days aren’t exposed. They’re sold. If someone wants your data they will get it. HTTPS means nothing except huge amounts of wasted CPU cycles and energy.

            • Doubletwist@lemmy.world
              link
              fedilink
              arrow-up
              3
              arrow-down
              1
              ·
              5 months ago

              Once again you seem to be calling for not bothering with any security effort of there’s even a remote chance of some other vulnerability happening.

              The whole point of security is that it’s always a multi-layered thing. Nobody sane is pretending that encrypting web traffic with HTTPS is a panacea that’s going to solve all your data security needs. But it is sure as hell a million times better than having all of your data transmitted in the clear, with absolutely no assurance that you’re are talking to the system you think you’re talking to, or that the data hasn’t been tampered with in transit.

              And don’t pretend https is a huge burden. It’s dead simple to get SSL/TLS certs, and the additional load of encrypting and decrypting the traffic is barely even a rounding error on modern CPUs.

        • lud@lemm.ee
          link
          fedilink
          arrow-up
          9
          arrow-down
          1
          ·
          5 months ago

          Don’t use HTTPS on your IOT sensor network then.

      • Xephonian@retrolemmy.com
        link
        fedilink
        arrow-up
        2
        arrow-down
        15
        ·
        5 months ago

        Because I have reasonable views about security drawbacks? That when I see a vulnerability, I also look at the whole situation and decide if that’s an acceptable risk, rather than screaming “Security issue!” at the top of my lungs and pretending that patching this one vulnerability somehow makes a difference when there’s always another found the next week??

        Security isn’t free, it costs us by making it harder to get work done. “Security researchers” only know how to cover their ass. I can do that without their shrieking cries of wolf.

        • ditty@lemm.ee
          link
          fedilink
          English
          arrow-up
          14
          ·
          5 months ago

          "Might as well not bother patching this actively-exploited security vulnerability, there’ll just be another one in the future, " LMAO

          • Ziglin@lemmy.world
            link
            fedilink
            arrow-up
            1
            arrow-down
            2
            ·
            5 months ago

            On a laptop you bring everywhere I think it’s ok if you seriously think somebody might try to steal your data. On a desktop computer with the drive screwed onto the motherboard who’s going to steal it?

            • Possibly linux@lemmy.zipOP
              link
              fedilink
              English
              arrow-up
              3
              arrow-down
              1
              ·
              5 months ago

              Computers are always getting faster so it always necessary to stay well ahead of the curve. The big shift recently was the that the default hash switched to defend against massive GPU farms. The modern hash requires a lot more memory but as AI pushes memory to increase we are now potentially seeing machines that can break the hash. To my knowledge that is theoretical and would require a significant amount of hardware but never underestimate the budget of the government.

    • mlg@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      2
      ·
      5 months ago

      Hey guys I found the dude who complained the github didn’t come in EXE form lmao