| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu Dec 15 18:48:03 2005 From: toddtowles at brookshires.com (Todd Towles) Subject: TPM - will it work as pushed to the public? http://www.msnbc.msn.com/ID/10441443 <http://www.msnbc.msn.com/ID/10441443> Is it me or is this totally not going to work for normal people? "Of course you could always "fool" the system by starting your computer with your unique PIN or fingerprint and then letting another person use it, but that's a choice similar to giving someone else your credit card.) " Umm you mean like a backdoor installed on the system, VNC injection..the attacker can "use" your computer and your TPM chip from anywhere in the world. This will protect huge corporations by stopping attackers from using username/passwords on other computer systems, but how is this going to protect grandma (aka people that don't patch and therefore get infected anyways). MITM attack will still work, even with TPM Of course, people will find a way to spoof the TPM by using another computer infront of their own or someother trick. This seems to be just another left jab in the ongoing boxing match...not a "cure". -Todd -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20051215/2c142119/attachment.html
Powered by blists - more mailing lists