|
| Authored by: Anonymous on Monday, July 02 2012 @ 01:51 PM EDT |
I meant to say that the "bad guys" with the compromised key *will* be
able to attack the computer.[ Reply to This | Parent | # ]
|
|
|
| Authored by: cjk fossman on Monday, July 02 2012 @ 02:11 PM EDT |
| . [ Reply to This | Parent | # ]
|
|
|
| Authored by: Gringo_ on Monday, July 02 2012 @ 02:27 PM EDT |
| [ Reply to This | Parent | # ]
|
|
|
| Authored by: Anonymous on Monday, July 02 2012 @ 02:32 PM EDT |
We haven't yet taught users run their computers secure, we try to teach them sue
secure boot :D
I think this secure boot thingy is about IT department setting up associate's
computers for high security. I don't think home users will see any benefits...[ Reply to This | Parent | # ]
|
|
|
| Authored by: argee on Monday, July 02 2012 @ 10:22 PM EDT |
I can see it already.
The virus/malware people compromise the key.
They install the virus.
The virus, first thing it does, it changes the
key to one that only the virus has available.
Voila! The first secure virus! You can't get rid of it!
---
--
argee[ Reply to This | Parent | # ]
|
|
|
| Authored by: Anonymous on Wednesday, July 04 2012 @ 01:51 PM EDT |
Except that "Secure Boot" is merely "DRM" spelled out. The
entire toolchain is focused not on user security but on centralized key control.
Microsoft owns the master signing keys, and is selling signatures, so it's a
profit maker. And by holding the master keys *and user's private keys* under the
"recover your lost keys" part of their software, they've opened the
door wide for government access to allegedly "protected" data. It's
also deliberate to control the whole toolchain from bootloader data storage
hardware as fast as "Trusted Computing" can be rolled out to hard
drives and DVD or USB devices.
How do you think Microsoft got federal buy-in to ship robust encryption
software? By holding the master, and user's private keys, and by having *no*
external overview of when they release keys, Microsoft has effectively given
governments worldwide complete and court-free access to the entire allegedly
"privacy protecting" keychain.
I asked Brian LaMacchia, one of the "trusted computing" developers at
Microsoft and author of the best .NET book, about this. He said "if
Microsoft did that, the engineers would resign". I said "just like you
resigned from .NET, and they ignored you and screwed up security anyway"?
He was shocked: he didn't seem to understand that resigning *after* you locked
the Jews in the gas chamber is too late.[ Reply to This | Parent | # ]
|
|
|
| Authored by: Anonymous on Thursday, July 05 2012 @ 01:24 PM EDT |
The only real solution to this problem is to give the consumer
ultimate control
over the signing keys in the computer
For x86
machines, the user will have ultimate control. They can go into
the firmware
settings and completely control the keys. This is a requirement
in order to get
Windows 8 certification. [ Reply to This | Parent | # ]
|
|
