The Devil And The Deep Blue Sea

Threat level definition

The Devil And The Deep Blue Sea
Jon Lasser, 2002-07-17

Why Microsoft's Palladium project threatens to send Linux and open-source into exile.

Expand all | Post comment

And the major security goals don't need hardware 2002-07-18
Nicholas Weaver (1 replies)

And the major security goals don't need hardware 2002-07-19
Anonymous

The Devil And The Deep Blue Sea 2002-07-18
Anonymous (6 replies)

The Devil And The Deep Blue Sea 2002-07-18
Anonymous

The Devil And The Deep Blue Sea 2002-07-19
Anonymous

The Devil And The Deep Blue Sea 2002-07-19
Anonymous (1 replies)

The Devil And The Deep Blue Sea 2002-07-23
Anonymous

The Devil And The Deep Blue Sea 2002-07-19
Anonymous

The Devil And The Deep Blue Sea 2002-07-19
Anonymous

The Devil And The Deep Blue Sea 2002-07-22
Anonymous

The Devil And The Deep Blue Sea 2002-07-18
Anonymous

Unbelieveable 2002-07-18
Anonymous (5 replies)

Unbelieveable 2002-07-19
Anonymous (2 replies)

Unbelieveable 2002-07-20
Anonymous

Unbelieveable 2002-07-21
Anonymous

Unbelieveable 2002-07-19
Anonymous

Unbelieveable 2002-07-19
Martin Schoch

Unbelieveable 2002-07-20
Anonymous

Unbelieveable 2002-07-20
Anonymous

The Devil And The Deep Blue Sea 2002-07-18
blacklight (1 replies)

The Devil And The Deep Blue Sea 2002-07-23
Anonymous

Take a chill pill 2002-07-18
Anonymous Bastard (3 replies)

take your own advice 2002-07-19
rsullivan@art-line.com (1 replies)

Re: take your own advice 2002-07-19
Anonymous Bastard (2 replies)

Re: take your own advice 2002-07-19
Anonymous (2 replies)

happy x86 processor world? riiiiight... 2002-07-19
Anonymous (1 replies)

happy x86 processor world? riiiiight... 2002-07-22
Anonymous

Re: take your own advice 2002-07-21
Anonymous

Re: take your own advice 2002-07-19
Anonymous

Re: Take a chill pill 2002-07-19
Jm4n

Take a chill pill 2002-07-21
Anonymous

And they expect JIT Java and .NET compilers to operate? 2002-07-19
Anonymous

The Devil And The Deep Blue Sea 2002-07-19
Anonymous (1 replies)

OSS version of Palladium 2002-07-20
Abri

The Devil And The Deep Blue Sea 2002-07-19
Anonymous

The Devil And The Deep Blue Sea 2002-07-19
SkyLeach

Palladium and buffer overflows 2002-07-19
Anonymous (6 replies)

Palladium and buffer overflows 2002-07-19
Anonymous

Palladium and buffer overflows 2002-07-19
Anonymous

Palladium and buffer overflows 2002-07-20
bufferoverwhelmed

Palladium and buffer overflows 2002-07-20
Anonymous

Palladium and buffer overflows 2002-07-21
Anonymous

I have to agree. Unless Pallidium is checking each branch to make sure it's to "signed" code, it won't make a difference.

( and no, that still wouldn't stop everyhing )

So Palladium is useless against buffer overflows, the biggest security problem

Palladium could be slightly effective against Word/Outlook macro viruses, which these days probably qualifies as the second biggest problem. But only slightly.

Could it help with signing transactions... sure, somewhat. But when somewhen finds a flaw in it, how do we upgrade all the Palladium systems out there? Oh, I guess you could upgrade the firmward. What a relief... no virus writer would try to take advantage of that.

Just give us decent hardware random number generators, and let the software do the rest.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/96/15759#15759

Palladium would NOT stop buffer overflows... 2002-07-21
Nicholas Weaver

Pride goeth before a Fall 2002-07-19
Anonymous

Couldn't _anyone_ make a "signature stamp"? 2002-07-19
Mad Ivan

No evidence for these claims 2002-07-19
Tamperbell (2 replies)

No evidence for these claims 2002-07-22
Anonymous

No evidence for these claims 2002-07-23
Anonymous

The Devil And The Deep Blue Sea 2002-07-19
Anonymous

MSFT won't fix Outlook so we must lock hardware? won't work 2002-07-20
Anonymous

Alternate hardware 2002-07-20
Anonymous

The Devil And The Deep Blue Sea 2002-07-20
Anonymous

THE DEVIL AND THE DEEP BLUE SEE 2002-07-20
NSS ( Network Ssecurity Systems)

It's all about trust 2002-07-20
Anonymous

The Devil And The Deep Blue Sea 2002-07-21
Anonymous

The Devil And The Deep Blue Sea 2002-07-22
Anonymous

The Devil And The Deep Blue Sea 2002-07-22
Anonymous (1 replies)

The Devil And The Deep Blue Sea 2002-07-23
Anonymous

The Devil And The Deep Blue Sea 2002-07-22
Anonymous

The Devil And The Deep Blue Sea 2002-07-23
Anonymous (1 replies)

The Devil And The Deep Blue Sea 2002-07-23
Anonymous

I will never buy it and anyone who is smart won't either. 2002-07-23
Anonymous (1 replies)

I will never buy it and anyone who is smart won't either. 2002-07-25
Anonymous

And even money can be forged.... why not code? 2002-07-25
José Azevedo

Copyright and Anti-piracy laws 2002-07-29
Anonymous

It is time for "security enhanced linux" to be put on the front burner NOW! 2002-07-29
100% of distros should be 100% SE Linux

Privacy Statement
Copyright 2008, SecurityFocus