[Moderator's note: Top posting is considered untasteful. --Perry]
It doesn't need to be malicious. It depends on the situation.
For example, lots of corporations do SSL session inspection using
products like Bluecoat. The Bluecoat does a MiTM attack to expose the
plaintext for analysis, and
When I looked at this circa 2001-2002, for another company, other 27MHz
keyboards didn't even bother to encrypt. Most of the data was sent in
the clear, with neither encryption nor robust authentication.
Exactly what makes this problem so difficult eludes me, although one
suspects that the
2. E2E crypto on mobiles would require cross-vendor support, which would mean
that it would have to go into the standard. Unfortunately, standards in the
mobile world are heavily influenced by governments, and the four horsemen of
the apocalypse (drug dealers, paedophiles, spies, and
Dave Korn wrote:
Ian Farquhar wrote:
Maybe I am showing my eternal optimist side here, but to me, this is
how TPM's should be used, as opposed to the way their backers
originally wanted them used. A removable module whose connection to a
device I establish (and can de-establish, assuming
It seems odd for the TPM of all devices to be put on a pluggable module as
shown here. The whole point of the chip is to be bound tightly to the
motherboard and to observe the boot and initial program load sequence.
Maybe I am showing my eternal optimist side here, but to me, this is how
I agree with Peter here. I also tried to procure a motherboard with a TPM chip
- to play with Bitlocker mostly - and came to
the same conclusion.
I did find a few MBs, mostly from Intel, and a couple of other vendors. All of
these were corporate-style MB's, as opposed to
the gamer/enthusiast
On Thu, May 03, 2007 at 10:25:34AM -0700, Steve Schear wrote:
Well, there's an idea: use different physical media formats for entertainment
and non-entertainment content (meaning, content created by MPAA members vs.
not) and don't sell writable media nor devices capable of writing it for
Some of the locks have special indicators which flag that a TSA key has opened
it, which marginally improves the idea, but not
by much. Whether those flags could represent a defence in the case of a
corrupt official in possession of TSA keys I do not
know.
Without such flags, it's an
The other problem for this technique is battery life.
Let's assume we can shove a firmware update/hack/whatever into the phone to
enable snooping, it's still transmitting when acting
as a bug. Even if this feature is only enabled when the phone is geolocated
somewhere interesting, the
At 09:30 PM 2/11/2004, Peter Gutmann wrote:
The JTAG interface is your (that is, the reverse engineer's) friend. This is
why some security devices let you disconnect it using a security-fuse type
mechanism before you ship your product. Of course that only works if (a) the
device allows it, (b)
At 05:43 AM 21/09/2004, Hal Finney wrote:
I believe this is a MAC, despite the name. It seems to be easier to
create secure MACs than secure hash functions, perhaps because there are
no secrets in a hash, while in a MAC there is a secret key that makes
the attacker's job harder.
Interestingly, a
11 matches