Probably no more secure than the existing PC remote console systems (i.e. not very good). I don't expect this to be any better than the existing stuff, just cheaper. Hopefully this thing by Intel will have its own network port or at least the ability to be on its own VLAN like the existing ones so it can be segregated network-wise.
There have been remote console mechanisms for PCs for a very long time now. I don't know why everyone suddenly thinks this is something new and shocking.
Why have you been waiting so long? If you've wanted to set up your servers incompetently this way it's been possible for decades with DRAC or ILO or LOM or IPMI... or hardware serial consoles for longer than there's been an Internet.
Don't confuse DRM with simply validating signatures on software packages you download. I've been doing the latter for years on Debian with no DRM whatsoever. DRM may incorporate signatures, but its goal is to keep someone else in control of your machine.
And I prefer corporatism, since there's still a lot of corporations out there and when they fail, their place is taken by better, faster, efficient players.
Right, just like Goldman Sachs, Citi, AIG, General Motors, Chrysler and others all went out of business and were replaced by more efficient companies when they all failed in 2008.
You're completely wrong. The source is indeed copyrighted. Additional permission to copy is granted by the license, usually on the condition that attribution is preserved.
What's the difference between "imaginary property" and real property that isn't physically in one's control (like your car on the street or your computer in your home if you forgot to lock the door)?
Already been done experimentally back in the 50's. The B-36 could "dock" with fighters, but I guess the concept didn't turn out to be a very good idea...
All major operating systems ship now with security features in place that help to keep users safe. Firewalls (on by default), ASLR, DEP, etc. have become pretty standard.
Buffer overflows in browsers, Flash, PDF readers, media players and more have all become pretty standard too. Merely browsing to a particular web site should not cause a computer to become overrun with malware, but sometimes it can.
Only the amount and the challenge? Well the problem there is that you cannot tell independently of your possibly compromised computer exactly what the challenge is authorizing, except for the amount.
1. wait for you to log into your bank and perform a transfer
2. intercept the request. replace recipient's account number with mine. leave amount unchanged.
3. send transfer request for your amount to my account to the bank and read the challenge.
4. display challenge to you with your originally entered recipient.
5. you enter the challenge response. your chosen transfer amount goes to me.
How do you know what transaction the code is authorizing? Does the text message also contain human-readable information with all details about the transaction?
Hypothetical attack on that scheme: wait for you to type in a code, cause the browser to hang for a few seconds before transmission to the bank, perform malicious transaction with the intercepted code during those few seconds.
I use a bank with two-channel auth, and refuse to use electronic banking that relies on anything sent via my browser alone - the browser is insecure software, and can be taken over without the victim being aware of it, even when the victim is following good security practices.
So your bank authenticates every single thing you do online via a second channel?
Why would any CA publish a database of good certs? That's the whole point of the signature with their private key. The valid signature means "good".
In what database? The CA's signature on the certificate is supposed to be confirmation that cert is legit.
Public key authentication / certs is an option on good VPN systems. If such a thing exists for RDP it is very rarely used.
A service you paid for and had a right to have went down for a month or so and this made you laugh?
Perhaps you underestimate just how much people value their air being clean.
And that's because it doesn't.
Since when do DVDs have "terms" or a license?
The former I can use and the latter I can't?
Nifty. What bank is this?
Only to log in, usually. Once logged in the attacker can gain control of the authenticated session and use it for malicious activity.
That still won't completely prevent malicious activity when the attacker has control of the end user's machine.
You may have violated the DMCA by having rooted it. Barnes and Noble might think the government should come in and take it from you.
That's why I said "start descending".