←back to thread

Mitigating the Hetzner/Linode XMPP.ru MitM interception incident

(www.devever.net)
341 points hlandau | 1 comments | 20 Oct 23 20:31 UTC | HN request time: 0s | source
Show context
liquidk ◴[20 Oct 23 23:06 UTC] No.37962482[source]
The provider has access to the host, they can just inspect the job from the outside and you won’t be able to tell
replies(3): >>37962632 #>>37962862 #>>37963439 #
the8472 ◴[20 Oct 23 23:27 UTC] No.37962632[source]
secure boot + virtualized memory encryption is supposed to prevent that, you'll have to trust intel/amd though.
replies(4): >>37962858 #>>37963072 #>>37963119 #>>37963152 #
jeroenhd ◴[21 Oct 23 00:50 UTC] No.37963119[source]
Secure boot on a cloud machine is pretty useless, there's nothing stopping the hypervisor from injecting code into the running machine. Theoretically virtual machine memory is encrypted, but you'll just have to trust the hypervisor's word for it. You can try to verify the boot chain all the way to the hardware keys, but if the hypervisor just replaces your `JNE` with a `NOP` you'll have a hard time automating your protections.

I suppose you can transfer the keys out of the machine over the network (and hope the hypervisor doesn't replace the socket buffers just before transmission) and verify them off site, but guest machines will always be just that: guests on a host that has all the power.

replies(2): >>37963224 #>>37964890 #
1. kuschku ◴[21 Oct 23 07:44 UTC] No.37964890[source]
The Hetzner server used here was a dedicated, physical server.