Palladium holds Promise, and Peril
Tim Mullen, 2002-07-08

Whether Microsoft's ambitious project is a security solution or a Trojan horse depends much on the company's intentions.

....only the best of intentions ... 2002-07-08
Anonymous (1 replies)
I guess Otto Hahn also had only the best of intentions when he was researching Uranium-fission. (They thought of it as a way to produce cheap energy)
And Robert Oppenheimer and his co-researchers also had only the best of intentions when he worked on building Fat Man and Little Boy.
(They wanted to...

Arms race did exist 2002-07-08
Anonymous
The Germans DID have an atomic bomb project during World War II. The OSS even sent an agent to evaluate the progress of the project and assassinate its leader, Heisenberg, if it seemed near completion. The reason the project never produced anything was because Heisenberg was sabotaging it from the in...

The Peril of the Hardware... 2002-07-08
Nicholas Weaver
It is the inclusion of hardware that is the highly disturbing factor. The security goals: namely very fine grained access controls, code authentication, and similar building blocks don't need additional hardware. There may be an excuse that the hardware would be to accelerate the encryption, but t...

Hardware *is* absolutely necessary for any real security 2002-07-09
Dominique Brezinski (1 replies)
It is as simple as software security can always be beat by software, but hardware based security *may* require hardware to beat it. The example in the article of a kernel-mode exploit being unable to recover sensitive crypto keys is a reasonable and realistic example of the goals and why hardware s...

Hardware *is* absolutely necessary for any real security 2002-07-09
Anonymous
Now, if I understand the technology correctly,
privileged code can be verified by the palladium
system - this is done with public-key-crypto most
likely.

Now, with MS sources being traded in the underground,
how can we expect MS to keep the crypto-keys for
Palladium secret ?

A hacker armo...

Palladium holds Promise, and Peril - but why? 2002-07-09
TL
Microsoft decided to jump in the content-industry bandwagon for "every hardware device must be protected" because it's good for their business. Sure, we can find all kinds of conspiracy theories and secret cabals out to protect the almighty buck, but it's still a legitimate use for encryption. Or is ...

The wrong problem addressed 2002-07-09
L0k1 (1 replies)
Greater than 90% of all the security issues currently out there have to do with sloppy programming. Buffer overflows and address book accessing viruses should be impossible if input is properly validated and attachments not permitted to execute without validation. If software companies really had th...

The wrong problem addressed 2002-07-10
Anonymous (1 replies)
> Any hardware will have a software interface that WILL be vulnerable

The chances of a buffer overflow affecting hardware is very small. The first reason is that it is a well known problem, and people who design/program the hardware know about this issue (unlike the average programmer).

Th...

The wrong problem addressed 2002-07-11
Anonymous
I think you are missing the point. I suspect the Hardware may be very good, and easier than software to produce verifiably secure functions. However the software interfaces to it will be the point of attack. It is the old smartcard problem that trojan code, or a clever attack on poor software may...

Palladium holds Promise, and Peril 2002-07-09
Anonymous
The road to hell is paved with good intentions.......

What about the others? 2002-07-09
MERLiiN
Now if Palladium were to work.
What would happen to the word file if it was opened from linux, say on a hard drive added to a native linux system and mounted? How would palladium help you then?

As far as hardware goes I think EFF has shown that you do not need to be extremely rich in order to get custom...

Palladium holds Promise, and Peril 2002-07-09
Halvar
I have not actually read the specifications of Palladium,
but I am sceptical -- right now, it is already hardware
that guarantees no User-Level application can write to
kernel memory. Your CPU hardware guarantees that.
It is bugs in the software running in the kernel that allow
you to bypass t...

Palladium holds Promise, and Peril 2002-07-09
SaltyNetGuru
Just one more reason I decided years ago to go down the open source road. Due to the fact that I focus the bulk of my education and expertise within UNIX/Linux I don't have to deal with a lot of this Bullsh*t.
If you are an Advanced UNIX/Linux Admin you do not have so many of these headaches on your c...

Wrong problem indeed,... 2002-07-10
Anonymous
The problem that needs to be solved is an easy global way for people and devices to obtain trusted copies of the public keys for the people and devices they wish to communicate with. Having a key in hardware will not do any good, if nobody knows how to get its public portion. Sure handshaking sche...

Palladium holds Promise, and Peril 2002-07-10
Anonymous
Trusting MS with the ability of my computer to properly run software that wasn't written by MS or their corporate development partners seems to be asking a bit much. With their public stance on open source, does anyone actually believe that they will make it possible (or easy) to use any software t...

Palladium holds Promise, and Peril 2002-07-10
Hamster1
I know that many people will embrace this "Palladium" concept, but I fear for the average consumer/end user.
How will this concept be implemented in the real world?
Will Palladium really make my computer safer from viruses, trojans, worms,...? I am not a MS hater, but this sounds like a case of...

Yea, best interest 2002-07-18
Anonymous
Microsoft has always had our "best interest" in creating sloppy windows versions that should have never been released as finished products. The only interest Microsoft has EVER had is in monopoly and money...some things never change...

Palladium holds Promise, and Peril 2002-07-21
Anonymous
If Palladium makes it into general PC hardware you won't be
able to control who has it.

Do people really want terrorists to be able to communicate more securely?


...

Copyright 2009, SecurityFocus