Slashdot Mirror


User: mysidia

mysidia's activity in the archive.

Stories
0
Comments
13,354
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 13,354

  1. Re:At the risk of doing someone's homework in a fo on Distinguishing Encrypted Data From Random Data? · · Score: 2, Informative

    Perhaps. But if you use cryptsetup with LUKS, there is a readable header for the encrypted file, you don't need the key to determine encryption has been used. In fact, you can set multiple passphrases that have the authority to decrypt the partition.

    GPG Encrypted data is also distinguishable, regardless of whether you use ASCII armoring or binary .GPG files. There are headers in the encrypted output that can be recognized without having the key to decrypt anything.

    Now if you run 'openssl' from the command line, and choose 'aes-256-cbc', supply a true random key, and enter data bits interspersed with random 'padding bits'. It will be probably impossible for anyone to determine from the output whether there are any data bits or not, without knowing the key.

  2. Re:I'm all for it on Intel Wants To Charge $50 To Unlock Your CPU's Full Capabilities · · Score: 1

    Assuming the manufacturing equipment pulls an unlock code from a true entropy source, and burns some combination of 128 solder bridges to encode a MD5 message digest of a 20-character alphanumeric representation of the code.

    (1) There is no 'algorithm' to discover

    and

    (2) There is no way to simply read the code off the top of the CPU.

  3. Re:I'm all for it on Intel Wants To Charge $50 To Unlock Your CPU's Full Capabilities · · Score: 1

    If the unlock sequence is done from BIOS only, the BIOS could be required to send a DISABLE_UNLOCK before booting an OS, causing the 'unlock' capability to be disabled until CPU reset.

    Intel already does this for the VT function. Once the BIOS has sent a VT LOCK instruction, the feature is incapable of being turned on until the reset line on the CPU has been activated.

    The BIOS is then a security barrier, and the standard virus protections apply. If a virus manages to flash the BIOS, the user is screwed, anyways.

  4. Reminded of Intel on Deleting Certain Gene Makes Mice Smarter · · Score: 1

    You know how Intel's charging $50 to unlock CPUs?

    Perhaps living beings also have additional CPU capacity installed but turned off, requiring some payment for removal of the 'lock out' genes. Possibly in the form of prayers, homage, and sacrifice to the creator.

    Or maybe there's actually an evolutionary reason why high intelligence is a problem.

    That would explain this situation in regards to the stupidity of the average human.... high intelligence can lead to studying, which reduces time spent on reproduction-related activities, which therefore, reduces the number of babies, and might be disfavored evolutionarily.

  5. Re:I'm all for it on Intel Wants To Charge $50 To Unlock Your CPU's Full Capabilities · · Score: 1

    iPhones, PS3s, Xboxes, and Wiis all have something in common. They are programmable, and being "locked" or not is a software state. The security of those is in software, requiring cooperation of all programs on the system, and if even one software program has a bug, it can result in running arbitrary code, leading to the ability to run arbitrary software.

    The attack surface in regards to those platforms is huge and massive compared to the security required to block access to something physical from software.

    The 'attack surface' could be as small as one CPU instruction for submitting an unlock code to the 'unlock cores' circuit.

    It doesn't matter what great microcode hack you have, if the extra cores are always held in a reset state or power off state by design, until a fusible link is broken by the blackbox security circuit, then there is no "circumventing the security circuit", without either providing the proper input, or by physically manipulating it (which is hard).

    If there were a unique code for each CPU, the massive number of CPUs manufactured would make gaining access to, let alone 'leaking unlock codes' quite a feat.

    This data could definitely be encrypted so no one team and no one server would even be able to extract a single unlock code, let alone all of them.

    A typical setup is to have 3 types of servers... DB server, Transaction Processing server, and Notary server.

    DB server has the code, encrypted.

    Transaction processing server, queries the database server for an unlock code.

    Transaction processing server gets the encrypted packet, sends with signed request to the notary server, gets back approval, and the other half of the key needed to decrypt the code.

    Note any 2 of the 3 servers could be compromised, and it would not lead to any loss of unlock codes.

    In such cases, each of 3 classes of server have their own independent security precautions, separate management team, and strong isolations and monitoring.

    Note while leaking is in theory possible, it requires the collaboration of 3 different teams.

  6. Re:But how precise is it? on Criminal Charges Against Speed Trap Tweeter · · Score: 1

    There's a spot I know of ~100 miles north of me where a highway marked at 65 off-ramps onto another highway marked at 60. The change in speed isn't marked at the top of the ramp, however, but 3 miles down the road instead. Local sheriffs LOVE to sit at the top of the hill and watch for people doing 65-70, who don't know about the speed change, and then cite them tickets.

    In other words, a supposed change of the speed limit isn't properly marked... someone should be able to take this to court and have their ticket overturned on these grounds, then maybe the DOT will mark it properly.

  7. Re:I'm all for it on Intel Wants To Charge $50 To Unlock Your CPU's Full Capabilities · · Score: 1

    That would be secure... on the other hand, if they just contact the intel server and send the CPU's serial number and get back a generic command "OK, you can unlock the CPU", then that is hackable, by reverse-engineering the program, and determining what instructions to send to the BIOS to tell it to unlock the proc.

    My suspicion is that at this stage, it is very insecure; I doubt Intel has designed this from the ground up to be secure, just for a little "trial" of the concept.

    Most likely in reality it will be found that their current implementation is very hackable, if anyone bothers to look... at least that is my suspicion :)

  8. Re:I'm all for it on Intel Wants To Charge $50 To Unlock Your CPU's Full Capabilities · · Score: 1

    They're not identical. In the final stages of manufacturing, right before they cover it, they etch the chip with a laser to disconnect certain solder points in order to lock the clock speed, to the speed they are going to print on the box. And they also burn a serial number somewhere in the CPU's ROM/microcode.

    It is probably nearly a trivial matter to add 32 or so more points to etch, in order for the 'unlock' code to be recorded.

    It may be more expensive to implement the procedure on their industrial equipment, but it's basically a one-time cost per line, to secure their upgrade revenue...

  9. Re:I'm all for it on Intel Wants To Charge $50 To Unlock Your CPU's Full Capabilities · · Score: 1

    If only you had some CPU cycles nearby to brute-force it...

    The circuit could easily include a counter and disallow all further attempts after the 3rd try, until the CPU is power cycled.

    I would think there would be a 'fixed portion' and a 'variable portion' of the circuit, with the variable portion set the same way as the clock multiplier (by burning certain solder points at the final stages of manufacture); and the fixed portion being buried out of reach without opening the CPU.

    The fixed portion could contain the 'protect' fuse, to disconnect the circuit during times when a brute force attempt is detected, and (perhaps) re-enable it when power cycled, or if the manufacturer were evil, they could have 10 fuses representing the 10 attempts allowed, and burn a fuse every time an incorrect code is entered, so the CPU can no longer be upgraded after 10 failed attempts.

  10. Re:I'm all for it on Intel Wants To Charge $50 To Unlock Your CPU's Full Capabilities · · Score: 1

    I know of more than a few people that can pretty much carve their way into any protected system, and have seen them prove it, so then it comes down to how robust the protection and whether anyone that is capable is interested enough to do it.

    Yeah, and I probably know people who could hijack truckloads of Intel's processors on the way to retailers, if they wanted too. Either way, it ceases to be mere piracy at that point, and more a matter of a break-in.

    The interesting thing about a database like this, is by the time it goes into production, no person really needs access to it, it is so simple it can be made practically zero maintenance, and it can be chopped up into redundant pieces.

    It's a perfect use case for a database which only supports two operations once built: "add serial number, code pair", and "lookup code by serial number"

    This could be exposed over the intranet to the fulfillment server using a DNS service, with rate limiting and IPsec encrypted response; with new codes submitted over an out of band serial link shared by the database servers and manufacturing equipment that generated the randomized code assignment from a true random number generator.

    No need for any complex database systems that might be susceptible to software-based compromise. No need for any remote administration services, at that point the question becomes one of physical security.

  11. Re:Unit Tests on Hole In Linux Kernel Provides Root Rights · · Score: 5, Insightful

    The test doesn't have to detect exploitability, only that the bug is still present (or not).

  12. Re:I'm all for it on Intel Wants To Charge $50 To Unlock Your CPU's Full Capabilities · · Score: 1

    How does the cpu know you provided the right unlock code if it cannot be calculated from the serial number?

    Burn an 'unlock circuit' on the CPU that incorporates the knowledge of the code, and performs the unlock operation only when the input matches the code exactly.

    Basically, a unique machine on each CPU that recognizes its code, but does not provide any access to the content of the code (without someone ripping open the CPU and analyzing the circuit with a $20000 logic analyzer).

  13. Re:I'm all for it on Intel Wants To Charge $50 To Unlock Your CPU's Full Capabilities · · Score: 2, Insightful

    Piracy of crippleware, means users download a serial or crack from a third party, the 'pirate', who doesn't have possession of the software or hardware device being cracked.

    If this comes down to physical manipulation of the device, and someone has to break open the case on their CPU or uncap it, to attempt to implement a physical attack, that will stop 99% of the population.

    Because the CPU is easily damaged, and if it's damaged, the whole point of trying to upgrade for free is spoiled.

    And the risk of damaging the CPU is so high, that it is unlikely to be a success.

    At this point, one would call "unlocking" it by physically manipulating the device a "hack".

    Not piracy. Piracy implies distributing things to the masses, such as a tool that can be used to easily turn on the restricted functionality.

  14. Re:I'm all for it on Intel Wants To Charge $50 To Unlock Your CPU's Full Capabilities · · Score: 1

    Which is why I said code in a database. As in, the serial number is not related to the unlock code by an algorithm, it is simply randomly generated every time and stored in a database, that is, there is simply an entry in some database on Intel's website that says "This unlock code goes with this serial number"

    Without access to the database, you don't know any of the unlock codes.

    This leaves the only form of piracy being the type that already happens with manufactured goods... a contracter secretly manufactures more goods than they are supposed to, or digs defective units out of a dumpster out back after hours, and sells them off on the black market, for profit.

  15. I wonder if we see this for hard drives next on Intel Wants To Charge $50 To Unlock Your CPU's Full Capabilities · · Score: 2, Insightful

    Or in filesystems...

    You install Windows on a 1000gb hard drive you bought, and Windows only provides you 500gb of usable space. A few years later, when you are running out of space....

    Dialog box: "Warning: C: only has 5 gigabytes of space left out of 500gb. You can visit http: upgrade . microsoft .com / morespace to expand your system storage capacity.... Your storage software is currently: Bronze Edition (limit: 500gb); you can upgrade to Silver (limit: 750gb) for $99.99 or Gold (limit: 1000gb) for $199.99. Or platinum for $299.99 to allow you to add a second hard drive to your computer"

    And then we could have hard drive manufacturers sell 1TB hard drives that can be upgraded to 1.5TB or 2TB hard drives by running a program and inputting an activation code from a web site......

  16. Re:i don't understand... on Intel Wants To Charge $50 To Unlock Your CPU's Full Capabilities · · Score: 1

    they already need to check if everything on it is working, because they can't offer an upgrade if it might not work hardware like, so its not as if they are asking extra for the broken chips... its just weird.

    They probably don't make additional checks. If the silicone was slightly defective, and turned off for that reason, the CPU presumably won't go to one of the batches they are selling the upgrade option for.

    At this point, few are likely defective.. in most cases they take perfectly fine CPUs and disable capabilities to sell them as low-end chips without hurting their market for high-end chips. It's all part of a business practice called Market Segmentation. Segment your market and sell optimal products to different segments with features those segments need at prices those segments are willing to pay for optimal profitability.

    Intel's been doing this for over 10 years, nothing new about this. Taking a chip sold to one segment and then having an upgrade option, instead of a throw-away and buy a new one option.. that's new.

    And more environmentally friendly, I might add.

  17. Re:Hey, I don't mind.. on Intel Wants To Charge $50 To Unlock Your CPU's Full Capabilities · · Score: 1

    It's not the case of "you get a $50 break". It's a case of: they would sell this CPU to you for the same price anyways, even if they weren't experimenting with an upgrade feature.

    If they weren't experimenting with this upgrade concept, it's not like your CPU would be more highly specced otherwise. It would just be still locked without any opportunity to upgrade it.

    Just like most low-end Intel CPUs are. Artificially locked; loaded with code that disables certain features.

  18. Re:Hey, I don't mind.. on Intel Wants To Charge $50 To Unlock Your CPU's Full Capabilities · · Score: 1

    Unfortunately, any backlash will be aimed at the company who's logo is on the box, not Intel.

    You seriously think Intel's logo won't be on the box?

    I see Intel Inside Logos almost everywhere. Usually they are happy to have their name everywhere, and PC manufacturers stamp the logo prominently, probably to take advantage of the capital in the Intel brand and customer familiarity with Intel.

  19. Re:Easier than disabling? on Intel Wants To Charge $50 To Unlock Your CPU's Full Capabilities · · Score: 1

    I'm fine with that as long as they make the activation simple, painless, one-time, not involve permanent bloat of the BIOS or system, and not require Windows or Linux software. Specifically, the activation should be either via a boot ISO, or via a PCI card with an option ROM, and involve a permanent change to the hardware, such as breaking an internal fuse.

    But no permanent drivers, system daemons, or code built into the BIOS or that the system has to run continuously to maintain the activation.

  20. Re:Similar experience at bestbuy on Intel Wants To Charge $50 To Unlock Your CPU's Full Capabilities · · Score: 1

    I would ask them how they are going to prove they improved the performance by exactly 18% and not 15% or less? :)

  21. Re:Ridiculous... on Intel Wants To Charge $50 To Unlock Your CPU's Full Capabilities · · Score: 1

    In which case, the CPU would cost you $100 instead of $50. Because that's what they determine to price those cores and cache at otherwise.

    It's not and never was a question of "costs to them" in order to manufacture your individual CPU. Many costs are support-related and also...

    The cost to them is more complicated than that, and includes things like the opportunity cost of providing you a more powerful CPU that will cause you to not make another purchase from them in a year.

    Their possible lost sale of a CPU to you one year from now is a cost to them, that they incur, if they provide you extra performance for free. Charging for the unlock capability (or charging you the full market value for the additional cores) presumably offsets that cost.

  22. Re:Ridiculous... on Intel Wants To Charge $50 To Unlock Your CPU's Full Capabilities · · Score: 1

    Actually, I think this is more like... your car came with a satellite GPS system, but you need an activation code to use it, or you need to buy software to use it. Or you need to pay an annual fee for the ability to use the radio receiver to pick up traffic data that is broadcast over certain frequencies.

    GPS manufacturers sell annual updates to map data, by the way, and if you happen to have 2 or 3 units of the same model number, you still have to buy the update 2 or 3 times. You get the software in a form that can only be activated once, so they intentionally prevent you from updating the data on multiple units.

    What's interesting here is.... this... Intel already does this. They already send you CPUs with features disabled when you buy the lower end model. They just simply provide no means whatsoever to turn back on what they have disabled.

    If they hadn't disabled it in the first place you would pay more

    So i'm not entirely convinced their change to allow you to activate this functionality you aren't paying for up front is entirely bad.

    (The functionality definitely has a market value, you would definitely pay more if the functionality was not disabled)

  23. Re:Ridiculous... on Intel Wants To Charge $50 To Unlock Your CPU's Full Capabilities · · Score: 1

    Wasn't there recently an article about Nevada governer candidate wanting to sell 'speeding passes' for the ability to drive your car 90 MPH? (with the only caveat being you will need to pay the fee to activate the electronic beacon, and get an annual safety inspection of your vehicle in order to do so)

  24. Re:I hope this doesn't fly ... on Intel Wants To Charge $50 To Unlock Your CPU's Full Capabilities · · Score: 3, Informative

    CPUs have built-in software, they are just commonly called 'Microcode' instead of software.

    Hyperthreading is a software feature that involves using hardware to implement it.

    So is "VT" / Virtualization Technlogy

    There are even ATOM CPUs where the hardware is 64-bit capable, but Intel ships without the 64-bit capability enabled in the software.

    So, yes, it's a technlogical protection that defends intel's exclusive right to license and distribute the Hyperthreading software.

    Until you have been provided the code, Intel has not licensed the Hyperthreading software to you. It's just like an expired trial version of any sort of shareware you might have on your computer.

    I wonder if Intel will offer a 30 day trial of Hyperthreading and Cache expansion <GT>

  25. Re:I'm all for it on Intel Wants To Charge $50 To Unlock Your CPU's Full Capabilities · · Score: 5, Interesting

    You know... Intel being the CPU manufacturer, could make this really robust. Each CPU already gets stamped with a unique serial number. They could stamp each one with a unique unlock code that goes with the serial number, as well.

    Then the only way to 'unlock' the function would be to go through Intel, so they would look up your specific CPU's unlock code in the database.

    That's impossible to pirate, because there's no way you can share the code. As long as they assure the unlock code is the only mechanism allowed to re-enable the capabilities, and there is no BIOS mechanism to override the lock.