On Mon, Apr 28, 2008 at 03:12:31PM -0700, Ryan Phillips wrote:
What are people's opinions on corporations using this tactic? I can't
think of a great way of alerting the user, but I would expect a pretty
reasonable level of privacy while using an SSL connection at work.
Expectations of
No need to be a major power. Linux patches x86 code, as does Windows. I ran
across a project several years ago that modified the microcode for some i/o x86
assembly instructions. Here's a good link explaining it all.
http://en.wikipedia.org/wiki/Microcode
All this hw/sw flexibility makes
[EMAIL PROTECTED] wrote:
No need to be a major power. Linux patches x86 code, as does Windows. I ran across a project several years ago that modified the microcode for some i/o x86 assembly instructions. Here's a good link explaining it all.
What the OS or the BIOS loads is files that
The signature in the microcode update has not the same
meaning as within crypto. For intel chips it has 31bits and basically
contains a revision number. The requirements for the BIOS for
checking microcode updates are in short: check the crc and ensure
that older revisions cant replace new ones
On Apr 28, 2008, at 23:56, Perry E. Metzger wrote:
If you have a rotten apple engineer, he will be able to hide what he's
trying to do and make it look completely legit. If he's really good,
it may not be possible to catch what he's done EVEN IN PRINCIPLE.
Fred Cohen proved in 1984 in his
On Apr 28, 2008, at 2:56 PM, Perry E. Metzger wrote:
I'm pretty sure we can defend against this sort of thing a lot of the
time (by no means all) if it is done by quite ordinary criminals. If
it is done by really good people, I have very serious doubts.
I think you just described all of
On Apr 28, 2008, at 12:58 PM, John Denker wrote:
Of course we should insist on an open-source boot ROM code:
The boot ROM should check the pgp signature of each PCI card's
BIOS code before letting it get control. And then it should
check the pgp signature of the operating system before booting
There are high assurance systems that exist that do eactly this. There
are two different implementations of the security unit processing the
same data. The outputs are compared by a seperate high assurance and
validated module that enters into an alarm mode should the outputs
differ.
However,
Hi,
I saw the the email concerning Shor's algorithm to me. I want to
respond to it, before the meme that Shor's algorithm has been
discredited takes root.
In one sentence, my position on Shor's algorithm:
* There are very good reasons to take a Missouri show me attitude
toward Shor's
Stephan Neuhaus [EMAIL PROTECTED] writes:
On Apr 28, 2008, at 23:56, Perry E. Metzger wrote:
If you have a rotten apple engineer, he will be able to hide what he's
trying to do and make it look completely legit. If he's really good,
it may not be possible to catch what he's done EVEN IN
On Mon, 28 Apr 2008, Ryan Phillips wrote:
| Matt's blog post [1] gets to the heart of the matter of what we can
| trust.
|
| I may have missed the discussion, but I ran across Netronome's 'SSL
| Inspector' appliance [2] today and with the recent discussion on this
| list regarding malicious
On Mon, Apr 28, 2008 at 10:03:38PM -0400, Victor Duchovni wrote:
On Mon, Apr 28, 2008 at 03:12:31PM -0700, Ryan Phillips wrote:
What are people's opinions on corporations using this tactic? I can't
think of a great way of alerting the user, but I would expect a pretty
reasonable level of
On Fri, Apr 25, 2008 at 12:22 AM, Steven M. Bellovin
[EMAIL PROTECTED] wrote:
http://www.nsa.gov/public/crypt_spectrum.cfm
I know this is silly but I could not resist to comment on some NSA redacts:
http://www.literatecode.com/2008/04/29/nsaredact/
Ilya
On Tue, 29 Apr 2008, Ivan Krsti?~G wrote:
On Apr 28, 2008, at 12:58 PM, John Denker wrote:
Of course we should insist on an open-source boot ROM code:
The boot ROM should check the pgp signature of each PCI card's
BIOS code before letting it get control. And then it should
check the pgp
I can't say I entirely followed this paper, but I'm pretty sure that the
paper neglects to take into account the fact that you can move to more
aggressive error correction as the computer scales up. e.g. rather than just
having each logical qbit encoded as 7 physical qbits, you could have each
15 matches
Mail list logo
