| Hey p33ps, Now before you size me for a tin-foil hat, (7 1/2 btw) you might want to follow up on this, because it's a major exposure. The Trusted Computing Group (trustedcomputinggroup.org) is rapidly ushering in a new Trusted Platform Module. I'm sure that many of you are aware of this technology. A thorough reading of the specification is quite refreshing and there are many excellent benign uses for the technology as specified. These include a secure file system implementation, secure drivers, and a difficult to hack environment due to the tamper proof package of the chip itself. The TPM architecture overview repeatedly calls for owner opt in/out for the platform. The very approachable TPM FAQ https://www.trustedcomputinggroup.org/faq/ states: What has the TCG done to preserve privacy?
It is also important to know what the solutions are not:
Apple has not provided any end user controls, none, nor has it documented it's use of this technology. Furthermore, Apple has not provided any feedback regarding a legitimate complaint to the privacy officer with respect to their implementation. Even more damning is that this TPM has the capability of setting up a transitive trust relationship, which will allow enterprise system administrators full remote audit and administration. Microsoft is aiming to use WMI for this purpose, Apple is using? The TPM installed in my machine isn't owned by me. I want control of this device. I'm sure other iMac users might be surprised at this implementation too. The implications are quite profound here. Can we get some disclosure? PCSage Information Services name withheld to protect the innocent |
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
