- Original Message -
From: Shawn K. Quinn [EMAIL PROTECTED]
Subject: Re: Dell to Add Security Chip to PCs
Isn't it possible to emulate the TCPA chip in software, using one's own
RSA key, and thus signing whatever you damn well please with it instead
of whatever the chip wants to sign?
Erwann ABALEA [EMAIL PROTECTED] writes:
I've read your objections. Maybe I wasn't clear. What's wrong in installing a
cryptographic device by default on PC motherboards? I work for a PKI 'vendor',
and for me, software private keys is a nonsense.
A simple crypto device controlled by the same
Your message
To: [EMAIL PROTECTED]
Subject: Important [heur]
Sent:Fri, 4 Feb 2005 14:31:40 +0200
did not reach the following recipient(s):
[EMAIL PROTECTED] on Fri, 4 Feb 2005 14:30:24 +0200
The recipient name is not recognized
The MTS-ID of the original message is:
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Anonymous
The only people endangered by this capability are those who want to be
able to lie. They want to agree to contracts and user agreements that,
for example, require them to observe DRM restrictions and copyright
laws,
- Forwarded message from Roger Dingledine [EMAIL PROTECTED] -
From: Roger Dingledine [EMAIL PROTECTED]
Date: Fri, 4 Feb 2005 01:18:40 -0500
To: [EMAIL PROTECTED]
Subject: Tor 0.0.9.4 is out
User-Agent: Mutt/1.2.5.1i
Reply-To: [EMAIL PROTECTED]
Tor 0.0.9.4 fixes a server bug that took
On Thu, Feb 03, 2005 at 11:45:01PM -0600, Shawn K. Quinn wrote:
Isn't it possible to emulate the TCPA chip in software, using one's own
RSA key, and thus signing whatever you damn well please with it instead
of whatever the chip wants to sign? So in reality, as far as remote
attestation goes,
I don't know how clear I can say this, your threat model is broken, and the
bad guys can't stop laughing about it.
Come on, now...who's going to be better at Security than Microsoft? Since
bad guys won't be allowed inside the TCPA world then everything's going to
be just fine.
Seems like the
http://www.wired.com/news/print/0,1294,66473,00.html
Wired News
Car Chase Tech That's Really Hot
By Cyrus Farivar?
Story location: http://www.wired.com/news/autotech/0,2554,66473,00.html
02:00 AM Feb. 03, 2005 PT
If a Los Angeles-area scientist has his way, car chases may become as
On 2005-02-04T14:30:48-0500, Mark Allen Earnest wrote:
The government was not able to get the Clipper chip passed and that was
backed with the horror stories of rampant pedophilia, terrorism, and
organized crime. Do you honestly believe they will be able to destroy
open source, linux,
[from somelist]
Subject: Re: [s-t] The return of Das Blinkenlight
Date: Mon, 31 Jan 2005 19:00:49 -0500
In the early 90's I was a product manager for a (now-defunct) company
that made LAN hubs-- this was when a 10Base-T port would cost you a couple
This reminded me of a story from a
Thank you for using isnoop.net's Gmail invite spooler.
Use the following URL to activate your Gmail account:
http://gmail.google.com/gmail/a-ca7d57bba5-811dd7228f-0a9883fc47
If the above URL did not work, please click the following:
On Fri, Feb 04, 2005 at 08:21:47PM +, Justin wrote:
They managed with the HTDV broadcast flag mandate.
If I film off a HDTV screen with a HDTV camera (or just do single-frame with
a good professional camera) will the flag be preserved?
Watermarks will, but that's the next mass genocide by
Too lazy to post the full article. No one's going to read it anyway, right?
Link: http://slashdot.org/article.pl?sid=05/02/04/1642249
Posted by: CmdrTaco, on 2005-02-04 18:11:00
from the fight-of-the-year dept.
[1]gManZboy writes Two researchers in China has taken a look at the
Wherein the ACLU pitches us with the flash-pizza from hell:
http://www.adcritic.com/interactive/view.php?id=5927
I suppose I might actually give a damn about the above scenario if a
*business* was able to obtain all that information from other *businesses*
on an open market, from information
As far as the question of malware exploiting TC, it's difficult to
evaulate without knowing more details about how the technology ends up
being used.
First there was TCPA, which is now called TCG. Microsoft spun off their
own version called Palladium, then NGSCB. But then Microsoft withdrew
On 2005-02-04T23:28:56+0100, Eugen Leitl wrote:
On Fri, Feb 04, 2005 at 08:21:47PM +, Justin wrote:
They managed with the HTDV broadcast flag mandate.
If I film off a HDTV screen with a HDTV camera (or just do single-frame
with a good professional camera) will the flag be preserved?
http://sfgate.com/cgi-bin/article.cgi?file=/c/a/2005/02/04/BAGV2B5O6P1.DTLtype=printable
www.sfgate.com Return to regular view
SANTA CLARA COUNTY
Sex offender list used to find dates, police say
Convict on Megan's Law roster charged with misdemeanor
- Ryan Kim, Chronicle
At 10:15 AM 2/4/2005, R.A. Hettinga wrote:
The beautiful part of using the (microwave) energy is that it leaves the
suspect in control of the car, he said. He can steer, he can brake, he
just can't accelerate.
Sorry Charlie, but I think newer vehicles are moving to fly-by-wire
steering,
--
On 3 Feb 2005 at 22:25, Anonymous wrote:
Now, my personal perspective on this is that this is no real
threat. It allows people who choose to use the capability to
issue reasonably credible and convincing statements about
their software configuration. Basically it allows people to
tell
Eric Murray writes:
The TCPA chip verifies the (signature on the) BIOS and the OS.
So the software driver is the one that's trusted by the TCPA chip.
I don't believe this is correct. The TPM does not verify any signatures.
It is fundamentally a passive chip. Its only job is to store hashes
of
http://www.theregister.co.uk/2005/02/03/peter_lilley_id_report/print.html
The Register
Biting the hand that feeds IT
The Register » Internet and Law » Digital Rights/Digital Wrongs »
Original URL: http://www.theregister.co.uk/2005/02/03/peter_lilley_id_report/
Tory group report attacks ID
http://www.theregister.co.uk/2005/02/03/id_scheme_echr_concern/print.html
The Register
Biting the hand that feeds IT
The Register » Internet and Law » Digital Rights/Digital Wrongs »
Original URL: http://www.theregister.co.uk/2005/02/03/id_scheme_echr_concern/
Parliamentary report flags ID
Peter Gutmann wrote:
Neither. Currently they've typically been smart-card cores glued to the
MB and accessed via I2C/SMB.
and chips that typically have had eal4+ or eal5+ evaluations. hot topic
in 2000, 2001 ... at the intel developer's forums and rsa conferences
Erwann ABALEA wrote:
I've read your objections. Maybe I wasn't clear. What's wrong in
installing a cryptographic device by default on PC motherboards?
I work for a PKI 'vendor', and for me, software private keys is a
nonsense. How will you convice Mr Smith (or Mme Michu) to buy an
expensive CC
At 5:45 PM + 2/4/05, Dave Green wrote:
mmm, petits filous
Everyone else likes to worry about Google's gathering
conflict of interests, but Verisign's S.P.E.C.T.R.E.-level
skills still take some beating. This week, orbiting crypto
The best that can happen with TCPA is pretty good -
it could stop a lot of viruses and malware, for one
thing.
No, it can't. That's the point; it's not like the code running inside
the sandbox becomes magically exploitproof...it just becomes totally
opaque to any external auditor. A black
In message [EMAIL PROTECTED], Dan Kaminsky writes:
Uh, you *really* have no idea how much the black hat community is
looking forward to TCPA. For example, Office is going to have core
components running inside a protected environment totally immune to
antivirus.
How? TCPA is only a
Trei, Peter wrote:
It could easily be leveraged to make motherboards
which will only run 'authorized' OSs, and OSs
which will run only 'authorized' software.
And you, the owner of the computer, will NOT
neccesarily be the authority which gets to decide
what OS and software the machine can run.
If
On Thu, 3 Feb 2005, Erwann ABALEA wrote:
And do you seriously think that you can't do that, it's technically not
possible is a good answer? That's what you're saying. For me, a better
answer is you don't have the right to deny my ownership.
Yes, Senator McCarthy, I do in fact feel safer
Ed Reed wrote:
I'm just curious on this point. I haven't seen much
to indicate that Microsoft and others are ready
for a nymous, tradeable software assets world.
No, and neither are corporate customers, to a large extent.
Right, so my point (I think) was that without some
indication that
- Original Message -
From: Shawn K. Quinn [EMAIL PROTECTED]
Subject: Re: Dell to Add Security Chip to PCs
Isn't it possible to emulate the TCPA chip in software, using one's own
RSA key, and thus signing whatever you damn well please with it instead
of whatever the chip wants to sign?
On Thu, Feb 03, 2005 at 11:51:57AM -0500, Trei, Peter wrote:
It could easily be leveraged to make motherboards
which will only run 'authorized' OSs, and OSs
which will run only 'authorized' software.
[..]
If you 'take ownership' as you put it, the internal
keys and certs change, and all
Ed Reed wrote:
I'm just curious on this point. I haven't seen much
to indicate that Microsoft and others are ready
for a nymous, tradeable software assets world.
No, and neither are corporate customers, to a large extent.
Right, so my point (I think) was that without some
indication that
On 2005-02-04T14:30:48-0500, Mark Allen Earnest wrote:
The government was not able to get the Clipper chip passed and that was
backed with the horror stories of rampant pedophilia, terrorism, and
organized crime. Do you honestly believe they will be able to destroy
open source, linux,
[from somelist]
Subject: Re: [s-t] The return of Das Blinkenlight
Date: Mon, 31 Jan 2005 19:00:49 -0500
In the early 90's I was a product manager for a (now-defunct) company
that made LAN hubs-- this was when a 10Base-T port would cost you a couple
This reminded me of a story from a
Peter Gutmann wrote:
Neither. Currently they've typically been smart-card cores glued to the
MB and accessed via I2C/SMB.
and chips that typically have had eal4+ or eal5+ evaluations. hot topic
in 2000, 2001 ... at the intel developer's forums and rsa conferences
Erwann ABALEA wrote:
I've read your objections. Maybe I wasn't clear. What's wrong in
installing a cryptographic device by default on PC motherboards?
I work for a PKI 'vendor', and for me, software private keys is a
nonsense. How will you convice Mr Smith (or Mme Michu) to buy an
expensive CC
The best that can happen with TCPA is pretty good -
it could stop a lot of viruses and malware, for one
thing.
No, it can't. That's the point; it's not like the code running inside
the sandbox becomes magically exploitproof...it just becomes totally
opaque to any external auditor. A black
In message [EMAIL PROTECTED], Dan Kaminsky writes:
Uh, you *really* have no idea how much the black hat community is
looking forward to TCPA. For example, Office is going to have core
components running inside a protected environment totally immune to
antivirus.
How? TCPA is only a
At 5:45 PM + 2/4/05, Dave Green wrote:
mmm, petits filous
Everyone else likes to worry about Google's gathering
conflict of interests, but Verisign's S.P.E.C.T.R.E.-level
skills still take some beating. This week, orbiting crypto
40 matches
Mail list logo