lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <001201c2ae6f$cd1f2b10$0100000a@yrpxb5>
From: yossarian at planet.nl (yossarian)
Subject: Trustworthy Computing Mini-Poll

>> Palladium will have an option to turn certain features "off", says
>> MS, so you can run programs deemed untrusted, outside the sandbox. If
>> there is a mechanism to turn features off, they differ from TCPA,
>> that is mandatory.

>Sounds great, doesn't it?
>What would you choose:
>1. Run without Palladium, but your MS Office, IE and Windows update
>might not work since your computer is considered insecure.
>2. Active Palladium.

I think i might run w/o Palladium - and search the net for cracked windows
updates, they are availale now, so why should'nt they be in the future? I
never thought it useful upgrading to a newer office since 2000, so why
should I do so in the future?

>> The only thing unclear for want of funcspecs is if I will be able to
>> take files out of the sandbox. If they want to make the systems
>> 'backwards compatible', there must be such a feauture.

>If the system is backwards compatible, what's the point with Palladium?
>It's like the "improved security" of XP or .NET server: they still use
>the NTLM-hash so LC still works.

Let's turn the question around a bit: if it is not backwards compatible, how
am i going to upgrade a 150.000 usr network? This answers your question on
XP and .NET as well - getting secure means big bang migrations. But these
are rarely feasible. So there must be a backwards compatability on some
levels, such as network authentication, which can be turned off later. Of
course, we forget, but we can't blame MS for that. Same goes for Palladium,
a system msut not only be secure, it should be useable, including during
migrations.

/Yossarian



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ