The Devil And The Deep Blue Sea

Threat level definition

The Devil And The Deep Blue Sea
Jon Lasser, 2002-07-17

Why Microsoft's Palladium project threatens to send Linux and open-source into exile.

Expand all | Post comment

And the major security goals don't need hardware 2002-07-18
Nicholas Weaver (1 replies)

And the major security goals don't need hardware 2002-07-19
Anonymous

The Devil And The Deep Blue Sea 2002-07-18
Anonymous (6 replies)

The Devil And The Deep Blue Sea 2002-07-18
Anonymous

The Devil And The Deep Blue Sea 2002-07-19
Anonymous

The Devil And The Deep Blue Sea 2002-07-19
Anonymous (1 replies)

The Devil And The Deep Blue Sea 2002-07-23
Anonymous

The Devil And The Deep Blue Sea 2002-07-19
Anonymous

The Devil And The Deep Blue Sea 2002-07-19
Anonymous

The Devil And The Deep Blue Sea 2002-07-22
Anonymous

The Devil And The Deep Blue Sea 2002-07-18
Anonymous

Unbelieveable 2002-07-18
Anonymous (5 replies)

Unbelieveable 2002-07-19
Anonymous (2 replies)

Unbelieveable 2002-07-20
Anonymous

Unbelieveable 2002-07-21
Anonymous

Unbelieveable 2002-07-19
Anonymous

Unbelieveable 2002-07-19
Martin Schoch

Unbelieveable 2002-07-20
Anonymous

Unbelieveable 2002-07-20
Anonymous

The Devil And The Deep Blue Sea 2002-07-18
blacklight (1 replies)

The Devil And The Deep Blue Sea 2002-07-23
Anonymous

Take a chill pill 2002-07-18
Anonymous Bastard (3 replies)

take your own advice 2002-07-19
rsullivan@art-line.com (1 replies)

Re: take your own advice 2002-07-19
Anonymous Bastard (2 replies)

Re: take your own advice 2002-07-19
Anonymous (2 replies)

happy x86 processor world? riiiiight... 2002-07-19
Anonymous (1 replies)

happy x86 processor world? riiiiight... 2002-07-22
Anonymous

Re: take your own advice 2002-07-21
Anonymous

Re: take your own advice 2002-07-19
Anonymous

Re: Take a chill pill 2002-07-19
Jm4n

Take a chill pill 2002-07-21
Anonymous

And they expect JIT Java and .NET compilers to operate? 2002-07-19
Anonymous

The Devil And The Deep Blue Sea 2002-07-19
Anonymous (1 replies)

OSS version of Palladium 2002-07-20
Abri

The Devil And The Deep Blue Sea 2002-07-19
Anonymous

The Devil And The Deep Blue Sea 2002-07-19
SkyLeach

Palladium and buffer overflows 2002-07-19
Anonymous (6 replies)

Palladium and buffer overflows 2002-07-19
Anonymous

Palladium and buffer overflows 2002-07-19
Anonymous

Palladium and buffer overflows 2002-07-20
bufferoverwhelmed

Palladium and buffer overflows 2002-07-20
Anonymous

Palladium and buffer overflows 2002-07-21
Anonymous

Palladium would NOT stop buffer overflows... 2002-07-21
Nicholas Weaver

Pride goeth before a Fall 2002-07-19
Anonymous

As Bruce Schneiner of Counterpane like to point out, crytography and security are hard to get right. Microsoft has a long history of takeing three released versions to get software right, and that only means getting the bug level town to tolerable levels. And Intel has been known to botch the implementation of floating point, amoung other things.

Palladium is setting up the PC industry for something it's never gone through before, but the auto industry has. A recall. You can patch or update software, even BIOS, but a botched implementation of hardware security means a CPU replacement at least, or replacing the entire motherboard. And the time needed to close the window of vulnerability with a chip fix is a lot longer than with a hardware fix.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/96/15722#15722

Couldn't _anyone_ make a "signature stamp"? 2002-07-19
Mad Ivan

No evidence for these claims 2002-07-19
Tamperbell (2 replies)

No evidence for these claims 2002-07-22
Anonymous

No evidence for these claims 2002-07-23
Anonymous

The Devil And The Deep Blue Sea 2002-07-19
Anonymous

MSFT won't fix Outlook so we must lock hardware? won't work 2002-07-20
Anonymous

Alternate hardware 2002-07-20
Anonymous

The Devil And The Deep Blue Sea 2002-07-20
Anonymous

THE DEVIL AND THE DEEP BLUE SEE 2002-07-20
NSS ( Network Ssecurity Systems)

It's all about trust 2002-07-20
Anonymous

The Devil And The Deep Blue Sea 2002-07-21
Anonymous

The Devil And The Deep Blue Sea 2002-07-22
Anonymous

The Devil And The Deep Blue Sea 2002-07-22
Anonymous (1 replies)

The Devil And The Deep Blue Sea 2002-07-23
Anonymous

The Devil And The Deep Blue Sea 2002-07-22
Anonymous

The Devil And The Deep Blue Sea 2002-07-23
Anonymous (1 replies)

The Devil And The Deep Blue Sea 2002-07-23
Anonymous

I will never buy it and anyone who is smart won't either. 2002-07-23
Anonymous (1 replies)

I will never buy it and anyone who is smart won't either. 2002-07-25
Anonymous

And even money can be forged.... why not code? 2002-07-25
José Azevedo

Copyright and Anti-piracy laws 2002-07-29
Anonymous

It is time for "security enhanced linux" to be put on the front burner NOW! 2002-07-29
100% of distros should be 100% SE Linux

Privacy Statement
Copyright 2008, SecurityFocus