Profile picture
Matthew Green @matthew_d_green
, 7 tweets, 3 min read Read on Twitter
Several SSDs with hardware encryption appear to be busted. But the really terrible thing is that Bitlocker apparently relies totally on the SSD encryption if you have it. ru.nl/publish/pages/… via @ProfWoodward
Oh god this is so bad. I don’t even.
Oh. My. God.
I don’t know if I can keep reading this paper. It just keeps getting dumber.
The encrypted SSD has a master password that’s set to “”. But don’t worry, customers, you can turn it off! Everything will be fine.
Being earnest now: Microsoft trusting these devices to implement Bitlocker has to be the single dumbest thing that company has ever done. It’s like jumping out of a plane with an umbrella instead of a parachute.
And not even a real umbrella. More like one of these.
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Matthew Green
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @matthew_d_green see all

Profile picture
The Facebook stablecoin (if it works, scales, gets deployed and adopted by non-Facebook companies, doesn’t get regulated into dust) is going to be a massive game-changer for the financial services industry. Fight me.
Hell, even if Facebook is able to make a credible run at deploying the thing, it will give them huge leverage with their banking relationships. No more closed (to FB) instant networks like Zelle, reduced transaction fees, etc.
Summary of the comments: (1) a bunch of people seem to think asset-backed stablecoins won’t be allowed by regulators, or that people won’t use/trust them. That horse has already bolted. google.com/amp/s/www.coin…
Read 5 tweets
Profile picture
The theory, for what it’s worth, was that the big brand name services would behave better than the fly-by-night shady data brokers. Much as CVS is perceived as less likely to put Fentanyl into your medicine than, say, the drug dealer on the corner.
The sole redeeming feature of the centralization of the web was supposed to be improved data handling. Better security and oversight of partners (like ad networks etc.) Instead we got Facebook treating your data the way a teenager treats a house when the parents go out of town.
The Facebooks and Googles would do this voluntarily, in part because it’s smart business — don’t give away the store. But mostly because it’s way easier for governments to target them with punitive regulations.
Read 4 tweets
Profile picture
@LargeCardinal The group messaging mechanism is very different. In Signal (app) group messages are layered on top of the existing pairwise messaging system. To add a new user, you (an existing user) have to send encrypted control messages to each existing user. The server can’t do this.
@LargeCardinal In fact, the Signal server doesn’t even know what a group message is. As far as it’s concerned, when I send a message to a group of N people, it just looks like I’m sending a bunch of pairwise messages at the same time.
@LargeCardinal In WhatsApp (as of a few months ago) the server knows what group messages are. It actually sends special control (add/remove) requests to the members of the group, and it handles multiplexing group messages to all of the other users.
Read 4 tweets

Related threads

Profile picture
"Understanding #encryption & the #aabil" for #dumbbastards like me
.#Encryption & #privacy are strongly & deeply connected.
"Privacy", as understood in AU, is an individual's #humanright to #privacy, as enshrined in legislation, created in the @Parliament's, both federal & states, to guarantee individuals their #HumanRight as detailed by the @UN & interpreted by our legislators & the courts
Read 27 tweets
Profile picture
Apparently it is a terrible thing for me to name that "queer is a slur" is weaponized against queer people speaking about their experiences, so I must be told repeatedly that actually, queer is a slur.

You know that is just...grating AF as a queer person. Can we talk about this?
I get that not everybody likes the same language. See the differences in bi and pan communities over how people feel about identity labels, for one.

Obviously, purposefully using the wrong identity label for someone is harmful.

So I try to only call queer people queer
But it would be nice if, when I'm talking about queer experiences, I didn't have people jump down my throat with "BUT QUEER IS A SLUR"

I could talk more about how this is derailing and disrespectful and a double standard (see: gay as an identity is accepted, queer less so)
Read 10 tweets
Profile picture
Totally believable. Someday I'll tell the story of how in a 6-month period

* I was hired at Twitter to manage a growing anti-abuse team
* hiring was frozen
* an exec seized control for his own glory
* my team was decimated
* I and others were laid off
* I got no severance
What I would like to be true: social media execs fight abuse because they don't want their platforms to be instruments of injury, oppression, and harm to society.

What I think is really true: execs treat abuse as a PR problem. They do the minimum to make the shame stop.
When an individual human feels shame but not guilt, that's a problem. It leads not to moral behavior, but to *performing* morality until the heat is off. We'd probably call a person like that a narcissist.
Read 16 tweets
Profile picture
ING reaches settlement agreement with Dutch authorities on regulatory issues in the ING Netherlands business ing.com/Newsroom/All-n…
Have any of you noticed the uptick in “money laundering and corrupt practices” fines & disgorgement of tens of millions & in some cases billions as of late?
I have, Merils, USB and now ING...
ing.com/web/file?uuid=…
Wait WHAT Uzbekistan...alrighty then
And Women’s Apparel Company
Gawd I really do love watching the BSA/AML just come for justice.
Read 8 tweets
Profile picture
Det är så klart ett underbetyg för den svenska skolan att det finns individer på 30+ som är omedvetna om kommunismens illgärningar. Vi afghaner har också fått smaka på hammaren och skäran. Jag tänkte lite kort berätta om en händelse i den lilla byn Kerala en aprildag 1979.
Kommunisterna hade ju som bekant tagit makten i Afghanistan genom en blodig kupp 1978. Den nya regimen var fast övertygad att implementera sina reformer med våld. Alla som vågade trotsa regimen skulle få möta döden.
Eller som den dåvarande presidenten uttryckte det i ett radiotal ”Anyone who conspire against us in the darkness will meet the darkness”.

Det ödet väntade byborna i Kerala i provinsen Kunar i östra Afghanistan. En aprildal 1979 rullade tanks och 200 soldater in i byn.
Read 12 tweets
Profile picture
Totally didn’t start out to make this an MC Escher tweet experiment, but here we are. If you haven’t already, read all this, and then we’re going to talk about something called Reflexive Control
twitter.com/i/moments/9853…
Reflexive control is an old Soviet tactic. Here’s a formal definition:
a means of conveying to a partner or an opponent specially prepared information to incline him to voluntarily make the predetermined decision desired by the initiator of the action.
There are lots resources about this on the web, but this is the most mainstream/digestible article I’ve found so far:
businessinsider.com/reflexive-cont…
Read 41 tweets

Trending hashtags

#Albanian #word #Privacy #45DaysOfElvisCostello #religion #SundayMorning #LockHerUp #Ancient #GDPR #Resistance #Indian #privacylaws #Brahmanism #civilizations #LUNAR #Busted #WhiteSupremacy #names #DeepStateInPanic #Aryans #Exvangelical #Egypt #Solar #Ukraine #Stoléru

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!