The installation of a firewall just doesn't make one go "oooh and ahhh" like the vaporized city and mushroom cloud from a 10 mega-ton ICBM.
Unlike a "cyber attack" the ICBM does real damage to the enemy. Which is the whole point of war: overpowering the enemy. The point of war is not to force the enemy to reroute network traffic or to restore a computer system from backup copies. If the troubles are serious, forget all that cyber stuff and go for the ICBM. It is the only thing that makes sense.
If you watched the broadcast of this exercise on CNN, you heard many people arguing for things that the government just can't do such as ordering telcos to disable all smartphones,...
Uhm, does something that you can fend off by disabling smartphones qualify as an attack these days? Please tell me this is not true. 25 years ago our fears were about worldwide thermonuclear war and today we are talking about having to disable smartphones? It seems to me that this whole cyberwar thing is just nonsense.
Our means of destroying mankind are still around, by the way.
Nautilus and most other file browsers also default to Icon view, which is fine if you have only about 5 files on your computer, which was probably true for Windows for Workgroups 3.1, but these days List view should be the default.
If you have so many nits to pick, why don't you just pay someone to do it right for you? OSS projects aren't in a position to give you a usable system, they can only provide you with raw code. Someone has to take this code and turn it into something useful and usable. This can be you or somebody working for you.
You sound like you're arguing from information given to you by Al Gore. I'm not sure he's a trustworthy source.
Of course Al Gore isn't a trustworthy source. The United States presidential election of 2000 provided clear and unequivocal empirical evidence that George W. Bush was more trustworthy than Al Gore. Which was a pretty low threshold to miss.
Vikings built villages in Greenland 1,000 years ago. Those same villages got covered in ice and snow 900 years ago and the Vikings left cause it was cold as heck, nothing would grow and their animals starved.
Actually their animals did all but starve until they had eaten the last Viking. So in an odd way, the Vikings may have saved the polar bear.
A strong scientific consensus is derived from...
1. Overwhelming evidence via multiple independent lines of enquiry.
2. A high degree of predictive and/or explanatory power.
3. A lack of contra-evidence and a lack of equally valid alternative explanations.
(...)
The strong scientific consensus on GW is that mankind's emissions are causing the bulk of the observed warming and it will severely retard our civilisation unless we act to reduce those emissions by ~70-80% over the next four or five decades.
So the consensus you are talking about is in part a consensus about the state of our civilization a few decades into the future. Would you mind telling us...
1. What exactly is the evidence that we have about the state of our civilization a few decades into the future?
2. Have there been any empirical experiments aiming to determine the predictive power of people who claim to be able to predict the future? If so, what were the results?
3. What would you consider valid contra-evidence that could convince you that a consensus about the state of our civilization a few decades from now might be wrong?
Maybe so, but here's a hypothetical situation to consider.
A comet is crashing towards the area you live in. Scientists have a raging debate as to whether or not it will completely disintegrate before hitting your house. Do you stay in your house till they reach a "consensus" or get the hell out of there?
I have one more hypothetical situation to consider:
An evil empire of infidels is threatening the country you live in. Religious leaders have a raging debate as to whether or not going martyr will help to defeat them. There is a consensus among them, however, that you will end up in paradise if you do so and that ending up in paradise would involve a few classrooms full of virgins to your disposal. Do you shrug it off or do you blow up yourself and others in a crowded place?
Whether global warming is true or not really doesn't matter much. We still need to take precautions to prevent pollution and switch to cleaner energy sources. It will benefit our own health and safety as well as be a matter of prudence.
It ain't that simple. You are making an assumption: that every precaution we might be tempted to take would be without negative side effects, or that the positive effects would outweigh the negative ones. But this remains to be verified for every proposed solution. Considering your hypothetical situation, how would your assessment change if, after everything was over, you learned that the comet did indeed disintegrate and 315 people died from accidents while panicking and fleeing?
This doesn't imply that we shouldn't do anything. But we must remain rational in our risk analysis. And we have one element which is highly dangerous here on the political part of the debate. I'm sort of uneasy about the idea of justifying action today with a predicted result far into the future. This isn't wrong per se but it must not be used to override agreements that underlie our societies and political systems. Otherwise we will end up in a 72 virgins kind of a situation where people could be manipulated into anything by pointing to the great future success they are obliged to contribute to. There would be no easy way of disagreeing. If you don't like the paradise and virgins example, feel free to consider Marxism instead, which is built on the idea that human societies would develop according to principles that science has discovered (which may even be true) and that this science would predict that we are all going to end up in communist paradise (which has been profoundly discredited by history).
I'm sometimes bothered by the stress on studies being "verified" by something like a peer-review process.
This is a misunderstanding. The role of peer review is not to verify anything. To the contrary, there are many situations where a reviewer will not be able to verify results with reasonable effort. Think LHC experiments, Mars probes, etc.
Peer review is really just a spam filter. Reviewers can check whether a publication has novel aspects to it, whether it is relevant to the journal or conference, whether it is presented in a comprehensible manner, whether related work is properly cited, and so on. A paper that has passed the peer review process is not verified, it is only deemed useful.
There are people who claim otherwise and unfortunately some of them are scientists. Overstating the capabilities of peer review makes sense if one attempts to use science in politics (which isn't wrong per se) and attempts to close political debates on the sole ground of scientific considerations (which is usually wrong).
My prime plan is that I think it should be possible to cut or short one or more lines on the TPM chip to effectively deactivate it or at least isolate it, boot into custom control software, flip the switch, and just feed the chip the same sequence of values it would load during the authentic Trusted boot sequence.
The TPM is specifically designed to secure the computer against the owner.
That's funny. They (the Trusted Computing community) keep telling me that the TPM and the technologies surrounding it were never designed to protect against physical attacks. It should be obvious that this is a bad choice when trying to secure a computer against the owner. Can you point me to a specific reference in the specification or other official matter regarding this design objective?
Except that real "trusted computing" using a TPM chip doesn't store the key in the CPU or in RAM, it is stored in the TPM.
This is a dangerous belief. It is true that some keys remain inside the TPM, at least as long as the chip is being accessed only through its wire interface. However, the TPM is not suitable for bulk encryption. Applications therefore typically use the TPM only to store keys, which are extracted to memory when needed.
The attack essentially depends on being able to shutdown the computer but keep the memory cold enough that the randomization time is slowed down tremendously, giving enough time to perform a dump of the contents onto another system for further analysis.
The attack is really extracting the encryption key from memory after gaining physical access to the machine. Cold boot, cool as it may be, is just one particular implementation of it. To effectively protect your system you should defend against the attack, not particular implementations.
I thought Slashdot was against the TPM chip? Last I read, it was supposed to be used for anti-piracy.
Further down (or up?) the thread, Slashdot still is. But a TPM is not going to help you much here. The TPM is not supposed to do bulk encryption so it is typically used to restrict the release of a key to certain conditions. Which means that even with a TPM one will end up having the actual key somewhere in the RAM.
so how often are these cold boot attacks actually performed in a hostile situation (as opposed to under controlled conditions for demonstration, or to legitimately recover lost passwords or whatever)?
This is a good and legitimate question. This question should not be used to thwart research, however. Threats may evolve and exploiting a vulnerability could become widespread over time. Perhaps deployment can wait until this really happens but research should not.
Isn't it possible to design "secure" memory chips that zero their contents when power is first applied?
Maybe, but this would solve only one portion of the problem. Cold boot attacks imply that the attacker has physical access to the computer and sufficient time to dig down to the wires without getting caught. The canonical implementation is stealing a running laptop. The attacker's objective is to get access to a key, which today usually resides in RAM. Cold boot attacks are one way of doing this but there is a wide range of other things that an attacker could do in this situation. The attacker might use interfaces like Firewire for instance, which has been mentioned elsewhere in this discussion. Or manipulate the running system in such a way that power supply of the RAM chips is maintained while other components are being reset. "Secure" memory chips as you propose would therefore solve only part of the real problem.
The scenario is that someone steals a running, but locked laptop, and wants to read your encryption keys stored in RAM. If it's not running, then the encryption keys aren't in RAM.
This is, by the way, only the easier part of the threat landscape. If the computer is not running, nothing prevents an attacker from tampering with the hardware or software in such a way that a second visit to the system yields any password or key used.
Currently the only difference between a self signed cert and a $10 one is that the latter leaves you $10 poorer. There is no practical difference between the two.
In a corporate environment, there is a practical difference: the $10 certificate will involve paperwork and the procurement process is likely to take a few days or even weeks.
If all browsers would show these drastic certificate errors AND all SSL-loving webmasters would keep their certs updated, we would have less issues in phishing and scamming, much less.
If all people would overcome their greed AND all people in a position of power could resist the temptation to abuse it, communism would work and be fun.
There is a picture of the actual vehicle on the Web. It seems that the office chair really constitutes just a minor component of it, which becomes obvious if you compare the vehicle to the racing chairs used in official championships (page in Germany, I'm sorry).
Typing Google into Google.
What evidence, by the way, could convince you that the world will be better off in 2100 or at any later time if we do not take any precautions today?
We can't all have an Internet. It was a pleasure to meet you. Goodbye.
How about ... recycling?
Recommended reading:
in Michael Nielsen's blog.
Thanks a lot for the references.
This attack is known as the TPM reset attack.
If all people would overcome their greed AND all people in a position of power could resist the temptation to abuse it, communism would work and be fun.
SCNR
This is the photo released by the police.