lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: eballen1 at qwest.net (Bruce Ediger)
Subject: Trustworthy Computing Mini-Poll

On Sun, 22 Dec 2002, Simon Richter wrote:

> I believe they have thought about this. Trusted software can only be
> debugged on a special "developer" machine. My personal favourite would
> be the "carefully crafted" DVD, which uses a buffer overflow in a player
> routine (where people optimize for speed over security anyway). :-)

So, let me get this straight:

(1) TCPA will only protect us against the what's traditionally been
the least virulent form of computer viruses, file infectors.
(2) TCPA won't help the spam situation.
(3) Only specially licensed machines can run a debugger.
(4) TCPA machines won't allow us to copy arbitrary files - the hardware
or something prevents us from copying some "magic" files.

The upshot of #3 seems like "you can compile programs only if you you've
got a special license", but I don't know if the whole thing goes that far.

Why on earth would I pay money for such a deliberately, cynically crippled
piece of hardware?  "Sure, Mr Gates and Mr Grove!  I'll pay a thousand
dollars for your new Tee Vee I mean Pee Cee!"  You've got to be kidding
about all this.  Surely a free market won't allow this kind of crippling
to take place - it will have to be performed by some kind of government
fiat.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ