Even in a "trusted computing" environment, you are still vulnerable unless you control everything from "trusted foundries" of all components flowing through everything. By concentrating the attack vectors for nearly everything to a limited set of chip and component foundries, the risk of a single breach, introduced during design and manufacturing but not detected, could compromised nearly all security, even to the highest levels of National Security.
How much would Dod/NSA invest in order to backdoor the trusted computing of the world? How much China spend, or Russia, or ... ? Could anyone detect such a trojan horse? What if it remained totally dormant awaiting a signal or a specific time, then activating for its attack. Maybe its attack is "no more serious"!!! than halting all systems where it is installed.
How much would Dod/NSA invest in order to backdoor the trusted computing of the world? How much China spend, or Russia, or ... ? Could anyone detect such a trojan horse? What if it remained totally dormant awaiting a signal or a specific time, then activating for its attack. Maybe its attack is "no more serious"!!! than halting all systems where it is installed.
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/newsbriefs/360/1533#1533