edelbitter 18 hours ago

We're at something like 116 now and they keep coming up with funny terms for it.

secure enclaves, secure virtualization, trusted execution environment, trusted platform, confidential computing, protected execution, LaGrande, protected launch, hardware attestation, ..

red_admiral 14 hours ago

It was, back when I took my intro to security class. And that was back in the day when we talked about domestic and export versions of RSA.

creer 13 hours ago

> I thought not trusting clients was already security 101?

Of course it is. Always has been.

The security field is riddled with complete nonsense. Much of it even couched in terms of "best practices". It's the perfect field for people with zero specific knowledge or experience to be trusted with management or engineering - since it doesn't matter until it did matter, at which point a mild non-apology is usually sufficient.

  • TeMPOraL 7 hours ago

    Security field isn't about security, it's about managing liability. "Best Practices" don't need to result in actual security - what matters is that, if you follow them and a security incident happens, you can say you followed the Best Practices and therefore It's Not Your Fault.

    • creer 4 hours ago

      You are right. And by now an "it will be fixed next month" seems to be enough. even when nothing is fixed.

nicman23 15 hours ago

sorry we only can install a literal rootkit on your device to detect tampering

ehutch79 16 hours ago

I am still surprised by how often this is a problem

palata 20 hours ago

It is, but most software doesn't include security.