There's nothing to stop one from having an OS that allows you to add drivers. But whether anyone else chooses to trust attestations made by programs running on that OS is another matter entirely. I certainly wouldn't trust your OS with your drivers to obey a policy on data that I give to you, unless you can give me some proof that your OS and your drivers will not violate the policy that I ask you to enforce before handing you the data.
I don't think we have the same view here. Whether you run Linux, Windows, or OS XI doesn't make a difference. You will not be able to fake attestations (that other people believe) unless you can extract the private endorsement key.
Bear in mind there are two things that you could dislike about TPM. The first is attestation, which affects whether programs on other machines will trust you (based on the data in the attestation). The second is sealed storage, which could store data on your system that you can't recover if you run a program/OS that lets you create such ciphertext.
The TPM stores three important keys in non-volatile memory. The endorsement key is a 2,048-bit RSA public and private key pair, which is created randomly on the chip at manufacture time and cannot be changed. The private key never leaves the chip, while the public key is used for attestation and for encryption of sensitive data sent to the chip, as occurs during the TPM_TakeOwnership command.
The endorsement key pair is the interesting one. No, you don't get the private component of the endorsement key pair, because that would make the attestation capability have no global meaning.
The Secret Service also investigates violations of laws relating to counterfeiting of obligations and securities of the United States; financial crimes that include, but are not limited to, access device fraud, financial institution fraud, identity theft, computer fraud; and computer-based attacks on our nation's financial, banking, and telecommunications infrastructure.
Really? I have never been infected with a virus, and I don't bother with anti-virus software. Yes, I do use Windows, but I monitor the system myself and run code in sandboxes when I deem it necessary.
The parent poster should be modded up. They have pointed out that turning off loadable kernel module support gives a false sense of security. It is still possible for an attacker, running as root, to modify kernel memory using /dev/kmem. The underlying problem is that access control is too coarse on both UNIX and Windows. SELinux is much better in this respect, but one could still wish for more.
Oh, they're already working on the "Open Sauce" porn series. Eric Raymond is up first, with some transsexuals and hermaphrodites. The title is "The Bazaar and the Bizarre".
Shellcoder's Handbook?
The access checks are made on other computers that communicate with the system that has a TPM.
From that article:
Thanks!
Do you have a link that says anything more about this?
Ask and ye shall receive: Keith Brown's Hall of Shame.
Aliens? That's silly. Don't worry, Pat Robertson will no doubt explain why the lightning occurred soon enough.
Their mission includes:
Cough, bounded memory.
Just kidding. :-)
Go ahead and try it. It will fail. When you accept that you misunderstand what's going on, read "CD Cracking Uncovered" or similar.
Um, no, he's talking about Windows. I fall on the side of Java over C/C++ for most purposes, but Azureus really does perform abominably on Windows.
Tsk. Useless use of "cat"!
You're so smart? You figure the solution out!
On the contrary, the article makes it very clear: Java is failing to provide income for Marc Andreessen.
Because no-one of any consequence runs Linux, MacOS, or a BSD? ;-)
Perhaps it would help to combat the obesity epidemic if nobody could hide their rolls of flab!
Take him outside to run around?
I agree, Walt was much more evil than corporate Disney. Credit where it's due.
Perhaps, but cutting it a bit fine.
Stop appealing to the least common denominator.