> The sensible alternative is to not enable this functionality at all.
Far too many people seem to think the solution to security problems is to ignore security and only consider the features you want.
This is such a bad idea that I'm starting to question the motives behind it. If I wanted to break the security of an important class of software, it would look something like this "standard".
> USB security is a joke
Most hardware security - USB or otherwise - doesn't exist. Local peripherals were never designed with security in mind.
And what exactly do you call a machine that you are, by design, cryptographically locked out of, but a third party has access to?
Not a perfect solution, but such a problem can be mitigated by a firewall that blocks such ingoing/outgoing packets.
> I'm playing devil's advocate here, but fundamentally if you don't care about actually controlling or being able to modify something, and pricing is cheaper to rent, why own?
Since I love to tinker with my computers, the answer is obvious to me.
If they are using md5 ssl certs, it's unlikely securing them is possible. I wouldn't be surprised if there are a dozen or more security vulns in such outdated devices.
> Yeah, it seems like this would have to be accomplished with a Management Engine application or something of the sort, otherwise probably easy to circumvent.
The correct solution to this is secureboot. No need for ME shenanigans.
> There is absolutely no reason to do that using hardware. Build an online portal where users can upload images and then check them yourself before offering them as background choices.
Doesn't that just move the threat surface? Now instead of having to convince end users to put something on a USB stick, you have to try a password dump against your interface.
> I don't understand why anyone who actually cares about security uses Bitlocker, and not one of the systems that ask for a password before booting Windows.
> And they are single purpose devices that don't run arbitrary code nor accept arbitrary input.
But be careful designing firmware upgrades. Also, I really don't see what kind of attack it prevents when you have a trusted keyboard and display but an otherwise compromised OS.
> It's safer to have it assume that everyone flashing it is an attacker
In other words: "let's put everyone in jail because someone might be a thief". I find this way of thinking to be moronic. I wonder how an attacker could get physical access to a machine, disassemble it and flash it without getting detected. Plus, if I already have physical access to the machine and plenty of time to execute such an attack, why not just grab the drive?
I hate this trend of forcing users to run nonsense programs in order to use their devices, like Windows 11 forcing you to have a Microsoft account during the installation process.
> Wouldn't you prefer that this data only be able to be decrypted by a computer that can prove to the world it booted a clean OS image with all the latest security patches installed?
Yeah, because transferring that data into another machine is an impossible task.
If you take away the keys to my home I will not feel more secure, nor be more secure - I will be more ignorant about security, that's it. The same applies here.
> Would you feel safe picking up a random USB drive and running the programs on it?
Sure, why not? Just don't run it on the same computer that you access your sensitive data on. Given that you can buy a fully functional and tinker-friendly computer for like 20 bucks, this seems like a pretty straightforward solution.
Unfortunately, a computer that doesn't do whatever you need it to do is useless, regardless of how "secure" it is.