
They're running on VMs, not bare metal, presumably, because their (new) server's reverse DNS is vps-*, and previously on DigitalOcean. You can just dump the VM's memory space while unlocked, can't you?

A lot of this seems like security theater, especially while still hosted behind Cloudflare.



Oops.

Yeah, here it does seem security theater.

But still, it was a good writeup. I mean, dropbear and all.

I have no clue why they're using VPS, after all that. I mean, if they're a real business, they ought to just set up a server, and ship it to Iceland. If they want the ease of VPS, it's easy to do secure KVM in an FDE server. Even with Docker containers within KVM, if you like.


“If they’re a real business” - this is the sort of dribble HN is reduced to? A real business can’t run on a VPS?


It's not that a "real business" that talks about FDE, and has moved to Iceland for better security, can't run on hosted VPS. But they're being disingenuous if they do so.

But what I mainly meant is that a "real business" can afford to build secure servers, ship them to Iceland, and send trusted staff to set up and configure them.


Ok cool. Now I understand very clearly. Thank you.


I believe the point here is that they claim that they care about security, while their Icelandic VPS hosting provider can just dump the host server memory, which would include the encryption keys.


Then can’t we say that? “If they truly cared about security they wouldn’t use a VPS”. It just rubs me the wrong way the way it’s worded.


Yes, I should have been clearer. Sorry.


This is a good point. We are moving to a dedicated server to resolve this issue.


Nice :)

You probably know this, but anyway. If you're setting up FDE with dropbear on a remote server, it's best to build the installer on the machine.



