logoalt Hacker News

prmph01/17/20257 repliesview on HN

I thought not trusting clients was already security 101?


Replies

edelbitter01/17/2025

We're at something like 116 now and they keep coming up with funny terms for it.

secure enclaves, secure virtualization, trusted execution environment, trusted platform, confidential computing, protected execution, LaGrande, protected launch, hardware attestation, ..

red_admiral01/17/2025

It was, back when I took my intro to security class. And that was back in the day when we talked about domestic and export versions of RSA.

nicman2301/17/2025

sorry we only can install a literal rootkit on your device to detect tampering

creer01/17/2025

> I thought not trusting clients was already security 101?

Of course it is. Always has been.

The security field is riddled with complete nonsense. Much of it even couched in terms of "best practices". It's the perfect field for people with zero specific knowledge or experience to be trusted with management or engineering - since it doesn't matter until it did matter, at which point a mild non-apology is usually sufficient.

show 1 reply
antifa01/19/2025

It's so obvious, from the title I thought the article would be about trusting B2B customers.

palata01/17/2025

It is, but most software doesn't include security.

ehutch7901/17/2025

I am still surprised by how often this is a problem