RE: Free Rootkit with Every New Intel Machine

2007-07-02 Thread Ian Farquhar (ifarquha)
Dave Korn wrote: Ian Farquhar wrote: Maybe I am showing my eternal optimist side here, but to me, this is how TPM's should be used, as opposed to the way their backers originally wanted them used. A removable module whose connection to a device I establish (and can de-establish, assuming

Re: Free Rootkit with Every New Intel Machine

2007-06-30 Thread David G. Koontz
http://www.nvlabs.in/?q=node/32 Vipin Kumar of NVLabs had announced a break of TPM and a demonstration of a break into Bitlocker, (presumably using TPM) to be presented at Black Hat 2007. The presentation has been pulled. Significance to the exchanges on cryptography under this subject stem

Re: Free Rootkit with Every New Intel Machine

2007-06-30 Thread David G. Koontz
Looking for TPM enterprise adoption. The current version of TPM was adopted in March of 2006, which should have limited TPM up take. There's an article in Network World http://www.networkworld.com/allstar/2006/092506-chip-security-papa-gino.html from September 2006 talking about a restaurant

Re: Free Rootkit with Every New Intel Machine

2007-06-27 Thread Jacob Appelbaum
Jon Callas wrote: On Jun 25, 2007, at 7:23 PM, Matt Johnston wrote: On Mon, Jun 25, 2007 at 04:42:56PM +1200, David G. Koontz wrote: Apple (mis)uses TPM to unsuccessfully prevent OS X from running on non-Apple Hardware. All Apple on Intel machines have TPM, that's what 6 percent of new

Re: Free Rootkit with Every New Intel Machine (aka TPM, AMT)

2007-06-27 Thread Jeff . Hodges
i'd also scrawled: my understanding from a person active in the NEA working group [1] (IETF) is that TPMs these days come along for free because they're included on-die in at least one of said chips. [EMAIL PROTECTED] said: Check again. A few months ago I was chatting with someone who

Re: Free Rootkit with Every New Intel Machine

2007-06-27 Thread Hal Finney
Peter Gutmann writes: BitLocker just uses the TPM as a glorified USB key (sealing a key in a TPM is functionally equivalent to encrypting it on a USB key). Since BitLocker isn't tied to a TPM in any way (I'm sure Microsoft's managers could see which way the wind was blowing when they designed

Re: Free Rootkit with Every New Intel Machine

2007-06-26 Thread Peter Gutmann
[EMAIL PROTECTED] (Hal Finney) writes: The idea of putting a TPM on a smart card or other removable device is even more questionable from this perspective. It's not just questionable, it's a really, really bad idea. TPMs are fundamentally just severely feature-crippled smart cards. That is,

Re: Free Rootkit with Every New Intel Machine

2007-06-26 Thread David G. Koontz
Peter Gutmann wrote: David G. Koontz [EMAIL PROTECTED] writes: There are third party TPM modules, which could allow some degree of standardization: As I said in my previous message, just because they exist doesn't mean they'll do anything if you plug them into a MB with the necessary

RE: Free Rootkit with Every New Intel Machine

2007-06-26 Thread Hal Finney
Ian Farquhar writes: [Hal Finney wrote:] It seems odd for the TPM of all devices to be put on a pluggable module as shown here. The whole point of the chip is to be bound tightly to the motherboard and to observe the boot and initial program load sequence. Maybe I am showing my eternal

RE: Free Rootkit with Every New Intel Machine

2007-06-26 Thread Dave Korn
On 26 June 2007 00:51, Ian Farquhar (ifarquha) wrote: It seems odd for the TPM of all devices to be put on a pluggable module as shown here. The whole point of the chip is to be bound tightly to the motherboard and to observe the boot and initial program load sequence. Maybe I am showing

Re: Free Rootkit with Every New Intel Machine

2007-06-26 Thread David G. Koontz
David G. Koontz wrote: I picked on one motherboard, a Gigabyte GA-P3-DQ6 which has the 20 pin header for the IEI TPM pluggable. After an extensive investigation I found no direct evidence you can actually do as Peter states and roll your own building a TPM enabled system. That includes

Re: Free Rootkit with Every New Intel Machine

2007-06-26 Thread Alexander Klimov
On Mon, 25 Jun 2007, Hal Finney wrote: The idea of putting a TPM on a smart card or other removable device is even more questionable from this perspective. A TPM which communicates via an easily accessible and tamperable bus is almost useless for the security concepts behind the Trusted

Re: Free Rootkit with Every New Intel Machine

2007-06-26 Thread Jon Callas
On Jun 25, 2007, at 7:23 PM, Matt Johnston wrote: On Mon, Jun 25, 2007 at 04:42:56PM +1200, David G. Koontz wrote: Apple (mis)uses TPM to unsuccessfully prevent OS X from running on non-Apple Hardware. All Apple on Intel machines have TPM, that's what 6 percent of new PCs? To nit

Re: Free Rootkit with Every New Intel Machine

2007-06-25 Thread David G. Koontz
Peter Gutmann wrote: Ian Farquhar (ifarquha) [EMAIL PROTECTED] writes: For example: the Gigabyte GA-965QM-DS2 (rev 2.0) which features security enhancement by TPM. More common (ASUS, Foxconn) was the TPM Connector, which seemed to be a hedged bet, by replacing the cost of the TPM chip with

Re: Free Rootkit with Every New Intel Machine

2007-06-25 Thread Peter Gutmann
David G. Koontz [EMAIL PROTECTED] writes: There are third party TPM modules, which could allow some degree of standardization: As I said in my previous message, just because they exist doesn't mean they'll do anything if you plug them into a MB with the necessary header (assuming you have a MB

RE: Free Rootkit with Every New Intel Machine

2007-06-25 Thread Leichter, Jerry
| ...Apple is one vendor who I gather does include a TPM chip on their | systems, I gather, but that wasn't useful for me. Apple included TPM chips on their first round of Intel-based Macs. Back in 2005, there were all sorts of stories floating around the net about how Apple would use TPM to

Re: Free Rootkit with Every New Intel Machine

2007-06-25 Thread Hal Finney
David G. Koontz writes: There are third party TPM modules, which could allow some degree of standardization: http://www.ieiworld.com/en/news_content.asp?id=erbium/projectOBJ00244201news_cate=Newsnews_sub_cate=Product The IEI TPM module is used in their own motherboards and some VIA

RE: Free Rootkit with Every New Intel Machine

2007-06-25 Thread Ian Farquhar (ifarquha)
It seems odd for the TPM of all devices to be put on a pluggable module as shown here. The whole point of the chip is to be bound tightly to the motherboard and to observe the boot and initial program load sequence. Maybe I am showing my eternal optimist side here, but to me, this is how

Re: Free Rootkit with Every New Intel Machine

2007-06-25 Thread Matt Johnston
On Mon, Jun 25, 2007 at 04:42:56PM +1200, David G. Koontz wrote: Apple (mis)uses TPM to unsuccessfully prevent OS X from running on non-Apple Hardware. All Apple on Intel machines have TPM, that's what 6 percent of new PCs? To nit pick, the TPM is only present in some Apple Intel machines

RE: Free Rootkit with Every New Intel Machine

2007-06-24 Thread Ian Farquhar (ifarquha)
2007 10:49 PM To: [EMAIL PROTECTED] Cc: cryptography@metzdowd.com Subject: Re: Free Rootkit with Every New Intel Machine [EMAIL PROTECTED] writes: my understanding from a person active in the NEA working group (IETF) is that TPMs these days come along for free because they're included on-die

RE: Free Rootkit with Every New Intel Machine

2007-06-24 Thread Peter Gutmann
Ian Farquhar (ifarquha) [EMAIL PROTECTED] writes: For example: the Gigabyte GA-965QM-DS2 (rev 2.0) which features security enhancement by TPM. More common (ASUS, Foxconn) was the TPM Connector, which seemed to be a hedged bet, by replacing the cost of the TPM chip with the cost of a socket.

Re: Free Rootkit with Every New Intel Machine

2007-06-23 Thread Peter Gutmann
[EMAIL PROTECTED] writes: my understanding from a person active in the NEA working group (IETF) is that TPMs these days come along for free because they're included on-die in at least one of said chips. Check again. A few months ago I was chatting with someone who works for a large US computer

Re: Free Rootkit with Every New Intel Machine

2007-06-23 Thread Ivan Krstić
Peter Gutmann wrote: I've seen all sorts of *claims* of TPM support, but try going out and buying a PC with one Of the 25 business laptop models that HP offers on its site right now, only 5 don't have a TPM installed. -- Ivan Krstić [EMAIL PROTECTED] | GPG: 0x147C722D

Re: Free Rootkit with Every New Intel Machine

2007-06-22 Thread Jeff . Hodges
[EMAIL PROTECTED] said: With TPMs it's a bit different, they're absent from the hardware by default in case you're referring to the TCPA (trusted computing platform alliance) TPM.. my understanding from a person active in the NEA working group (IETF) is that TPMs these days come along for

Re: Free Rootkit with Every New Intel Machine

2007-06-21 Thread Stephan Neuhaus
Peter Gutmann wrote: -- Snip -- This is very scary. I bet that our Minister of the Interior would love it, though, since he has been pushing a scheme for stealth examination of suspects' computers (called Federal Trojan). Technology like this would be a large first step towards making

Re: Free Rootkit with Every New Intel Machine

2007-06-21 Thread Ivan Krstić
Peter Gutmann wrote: [...] a register article saying Intel released its new platform Centrino Pro which includes Intel Active Management 2.5. An article with some more info is here: It appears Active Management is a setting that can be disabled normally from the BIOS, like with TPMs today:

wrt Network Endpoint Assessment (was: Re: Free Rootkit with Every New Intel Machine)

2007-06-21 Thread Jeff . Hodges
of potential related interest is.. Network Endpoint Assessment (NEA): Overview and Requirements http://www.ietf.org/internet-drafts/draft-ietf-nea-requirements-02.txt note term remediate/remediation. relevant snippage below. see also..

Re: Free Rootkit with Every New Intel Machine

2007-06-21 Thread Peter Gutmann
Ivan Krstić [EMAIL PROTECTED] writes: It appears Active Management is a setting that can be disabled normally from the BIOS, like with TPMs today: http://support.intel.com/support/motherboards/desktop/sb/cs-020837.htm With TPMs it's a bit different, they're absent from the

Re: Free Rootkit with Every New Intel Machine

2007-06-11 Thread James A. Donald
Initially I did not believe it, thought it must be hype or hoax. Nope, it is a rootkit in hardware. http://www.intel.com/business/vpro/index.htm : : Isolate security tasks—in a separate : : environment that is hidden to the user : : : : [...] : : : : Perform hardware and