
Researchers Hack Intel's VPro

kdawson posted more than 5 years ago | from the joy-of-breaking-the-unbreakable dept.

Security 105

snydeq writes "Security researchers from Invisible Things Lab have created software that can 'compromise the integrity' of software loaded using Intel's vPro Trusted Execution Technology, which is supposed to help protect software from being seen or tampered with by other programs on the machine. The researchers say they have created a two-stage attack, with the first stage exploiting a bug in Intel's system software. The second stage relies on a design flaw in the TXT technology itself (PDF). The researchers plan to give more details on their work at the Black Hat DC security conference next month."


105 comments


First cat post (-1, Troll)

Anonymous Coward | more than 5 years ago | (#26349927)

meow meow meow. meow meow? meow!

ATTN: the KDesktop Dev Process (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#26350145)

A big room somewhere in Europe with lots of chrome and glass and a great big whiteboard in the front with lots of tiny, neat writing on it. There are about 50 desks, each with headphones and pristine workstations, also with a lot of chrome and glass. The faint sound of classical music permeates the room, accompanying the clicky-click of 50 programmers typing or quietly talking in one of the appropriately assigned meeting areas. (Which of course consist of elegant contemporary white pine coffee tables surrounded by contemporary white pine and fine leather meeting chairs.) Coffee, tea, mineral water and fruit juices are available in the break area.

At the end of the day, *everyone* checks in their code and the project leader does a "make" just to make sure it all compiles cleanly, but it's mostly only done from tradition anymore since it always compiles cleanly and works flawlessly. When all milestones have been met, and everything has been QA'd, (usually within a day or two of the roadmap that was written up 18 months previous) a new KDE release is packaged up and released to the mirror sites with the appropriate 24-hour delay for distribution before being announced.

KDE developers are generally between the ages of 16 and 25, like art made of lines and squares and the colors white and black. When/if they finally stop taking government subsidies and get around to getting "real jobs," most of their salary will be taken in taxes so the socialist government can subsidize the care and feeding of the next generation of KDE developers, just like it did for them. A high percentage of KDE developers, during their mandatory 5 years of government military service, crack from their years of cultural dullness and flee Europe to become terrorists for the sheer joy to be found in killing random strangers for no discernible reason.

Chased by... (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#26349985)

Angry Intel® Trusted Execution Technology© first Dog post!

Slashdot under the hood (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#26350513)

A damp basement stagnant with a combination of undeodorized armpits, sour cream and onion chips, and Cheetos where a small 15" TV is hooked up to a greasy VHS deck playing reruns of Sailor Moon and Big O. The whole area, whose size is about 110 feet squared, is dimly lit by a single incandescent bulb but is overpowered by 6 or so glowing CRTs. The floors are littered with Mountain Dew cans but you can find a single can of Diet Coke which once meant a 400 lb developer or editor was "trying to lose weight".

On one side of the tiny slashdot basement, which shares a corporate overlord of VA Linux (the fictitious business name for the lead editor's mother) are the editors, who spend most of their time leeching stories from Arstechnica and Digg. The editor's work process involves taking submissions and fact checking them against wikipedia. Once a submission is fact checked an editor takes the time to deliberately misspell or entirely mangle the summary while at the same time throwing in a misleading link to a sponsor. This process is entirely time consuming, usually taking 4-6 hours per submission since editors use 386DX machines with 4-8MB of ram. This can sometimes explain why articles are posted 72 hours after the rest of the world has read and commented on the subject elsewhere.

On the other side of the room are the slashdot developers. There are really only about 2 or 3 developers but their obesity problem allows them to get counted twice and get 2 payroll checks. The working day of a developer involves 15 minutes of javascript and perl programming and 4 hour breaks to watch UFO Hunters on Sci Fi. On the perl side of the development, most slashdot developers look at how to get every last bit of performance out of their 1 mySQL server running on a 350 mhz G4 Mac by running an SQL query through a loop for about 150000 times. This often explains why it takes 12-16 minutes to submit a comment on the story pages. Being on the forefront of Web 2.0, many (read 2) of their developers push AJAX to the next level by using xmlhttprequest() to download linux ISOs and store them secretly on the page on every page view, creating the illusion that slashdot javascript is actually beneficial to their website.

TXT? PDF? Wha? (4, Funny)

Yvan256 (722131) | more than 5 years ago | (#26349999)

a design flaw in the TXT technology itself (PDF).

So we need to read a PDF to read about flaws in TXT?

What do you mean it's not about plain text files?

Re:TXT? PDF? Wha? (1)

CannonballHead (842625) | more than 5 years ago | (#26350085)

I can't you're joking. Whoosh if you are.

If not: TXT: Trusted Execution Technology

Re:TXT? PDF? Wha? (1, Insightful)

CannonballHead (842625) | more than 5 years ago | (#26350105)

My mistake.

1. can't tell if you're joking.

2. Execution, not Execution.

Re:TXT? PDF? Wha? (0)

Anonymous Coward | more than 5 years ago | (#26350881)

Yeah cannonball what's the rush man? Trying out that new dvorak keyboard on /.?

Re:TXT? PDF? Wha? (0)

Anonymous Coward | more than 5 years ago | (#26354797)

It's fine to accidentally a verb here.

Re:TXT? PDF? Wha? (-1, Redundant)

Anonymous Coward | more than 5 years ago | (#26350141)

You prolly mean
Trusted Execution Technology

Re:TXT? PDF? Wha? (2, Funny)

Anonymous Coward | more than 5 years ago | (#26350641)

I can't you're joking. Whoosh if you are.

If not: TXT: Trusted Execution Technology

Guillotin?

Re:TXT? PDF? Wha? (0)

Anonymous Coward | more than 5 years ago | (#26351113)

I demand all this malware to be executed!

Re:TXT? PDF? Wha? (0)

Anonymous Coward | more than 5 years ago | (#26352923)

GUILLOSTEEL

Re:TXT? PDF? Wha? (1)

Yvan256 (722131) | more than 5 years ago | (#26352815)

Yes, I was joking. And no, I did not know TXT also meant "Trusted Execution Technology". It's not my fault if someone was dumb enough to choose a 3-letter acronym that's been used for decades in the computers domain.

Re:TXT? PDF? Wha? (0)

Anonymous Coward | more than 5 years ago | (#26361015)

acronym

initialism

Re:TXT? PDF? Wha? (1)

Mikkeles (698461) | more than 5 years ago | (#26357295)

"Trusted Execution Technology" should be TET, making this ...

(wait for it) ...

The TET Offensive!

Re:TXT? PDF? Wha? (1)

Sentry21 (8183) | more than 5 years ago | (#26354407)

Well of course, if they used a TXT file you might get hacked!

Design flaw in the TXT technology (2, Funny)

Anonymous Coward | more than 5 years ago | (#26350021)

Apparently, loading a pdf into wordpad causes an overflow that allows arbitrary code to run as administrator.

Re:Design flaw in the TXT technology (1)

zappepcs (820751) | more than 5 years ago | (#26350063)

And nobody would ever do that, would they?

Re:Design flaw in the TXT technology (5, Funny)

Meski (774546) | more than 5 years ago | (#26354129)

Reminds me of when QA wanted a corrupt word file to test something. "Fine", I said, opened a word doc with hexeditor, made some random changes, saved it. Opened it with Word, instant BSOD. "A little less corrupt" said QA.

Wii Homebrew Channel (5, Funny)

bluefoxlucid (723572) | more than 5 years ago | (#26350067)

The Wii has perfect encryption and signing on hardware-assisting firmware and system software that can't be compromised. It uses a completely trusted execution stack to ensure only authorized applications run and to immediately detect and disable unauthorized third party software.

Re:Wii Homebrew Channel (1)

Adult film producer (866485) | more than 5 years ago | (#26350181)

Is that a challenge you're proposing?

Re:Wii Homebrew Channel (4, Insightful)

whoever57 (658626) | more than 5 years ago | (#26350379)

The Wii has perfect encryption and signing on hardware-assisting firmware and system software that can't be compromised.

Let me correct that for you:

The Wii has perfect ^H^H^H^H^H^H an encryption and signing on hardware-assisting firmware and system software that can't be ^H^H^H^H^H^H hasn't been compromised.

Re:Wii Homebrew Channel (2, Interesting)

nobodylocalhost (1343981) | more than 5 years ago | (#26351049)

On the same note, has anyone cracked the xbox 360 hardware security? The only thing i see so far is that XFPS device which uses a "man in the middle" attack to hijack the connection between a controller and the console itself.

Re:Wii Homebrew Channel (1)

Spatial (1235392) | more than 5 years ago | (#26351439)

Yes. But you run the risk of being banned from the online service if the modification is detected, which costs money.

Re:Wii Homebrew Channel (3, Informative)

Anonymous Coward | more than 5 years ago | (#26351569)

Yes. Google '360 timing attack'. All keys can be retrieved, at which point you can disable/bypass the encryption at any stage after the very first hardware-embedded loader signature checks.

Hmm (1, Informative)

Anonymous Coward | more than 5 years ago | (#26351435)

The Wii has 232 bit elliptic curve encryption. While it hasn't yet been broken, someone I believe did break a 109-bit key. There isn't security that will ever exist which can't be broken.

Re:Hmm (1)

Darkk (1296127) | more than 5 years ago | (#26354575)

That's ok. Somebody with a dozen or so Sony PS3s clustered together will crack the Wii's 232-bit encryption key, so it'll be a matter of time.

Re:Hmm (1)

Skuto (171945) | more than 5 years ago | (#26355385)

109-bit ECC keys give about 2^54 security
232-bit ECC keys give about 2^116 security

It's only a difference of 2^62!

Re:Wii Homebrew Channel (4, Informative)

marcansoft (727665) | more than 5 years ago | (#26351693)

Someone's been living under a rock since December 2007.

I'll just point you to the recent 25th Chaos Communication Congress Console Hacking talk (slides [marcansoft.com], video [tu-ilmenau.de]) which neatly summarizes a year of hacking and how much of a horrible failure Nintendo's security has been.

Spoiler: their signatures used to have 8-bit security. Literally.

We've had lots [hackmii.com] of [youtube.com] fun [wiibrew.org].

Re:Wii Homebrew Channel (0)

lordSaurontheGreat (898628) | more than 5 years ago | (#26355063)

No one can hack Wii because the development kit costs $1,700 per seat.

No programmer in their right mind would risk getting that toy pulled! Think: I could make it rich if I build the Wii's Killer App, but I could lose that chance if I do something stupid and get my SDK pulled!

Re:Wii Homebrew Channel (1)

SL1200MKII (1263800) | more than 5 years ago | (#26350381)

Sometimes there is no need to compromise the encryption and authentication, just circumvent it. Have you looked at the stuff they have on

http://www.wii-modchips.com/ [wii-modchips.com]

Re:Wii Homebrew Channel (1)

Trinn (523103) | more than 5 years ago | (#26350743)

Apparently someone missed the sarcasm tags here.

This is NOT a Troll.

I would mod, but I figured since nobody'd posted this I'll do that instead.

This can't be possible! (4, Funny)

fuzzyfuzzyfungus (1223518) | more than 5 years ago | (#26350107)

Every single trade magazine and free objective TCO whitepaper for months has been full of pictures of PC desktops with combination locks photoshopped onto them, and fulsome praises of VPro! How could it possibly be vulnerable? I'm going to go cry in my corner office in the management suite now.

Quick! (3, Funny)

MightyMartian (840721) | more than 5 years ago | (#26350121)

Quick, somebody arrest these scoundrels! How dare they show flaws in technology! The next thing you know, fraudsters and pornographers will be taking advantage of this. THINK OF THE CHILDREN!!! THINK OF 9-11!!!

TXT execution technology (-1, Offtopic)

Gizzmonic (412910) | more than 5 years ago | (#26350153)

I have a fun question to ask all you slashheads out there. If you actually did have to execute someone with a text editor (let's say Stallman and Linus Torvalds overthrew the government, and you were the executioner), which one would you use?

I'd definitely use vi.

Re:TXT execution technology (1)

TheRealMindChild (743925) | more than 5 years ago | (#26350195)

edit.com

Re:TXT execution technology (1)

jonas_jonas (1135553) | more than 5 years ago | (#26357095)

What does this have to do with cows [edit.com]?

Re:TXT execution technology (0)

Anonymous Coward | more than 5 years ago | (#26350211)

pico

Re:TXT execution technology (1)

lytithwyn (1357791) | more than 5 years ago | (#26350233)

Emacs all the way. My method of execution would be C-x k {person's name}.

Re:TXT execution technology (1)

Hordeking (1237940) | more than 5 years ago | (#26350303)

I toggle bits.

Re:TXT execution technology (2, Funny)

LostInTransportation (1012423) | more than 5 years ago | (#26351161)

Real programmers use butterflies [xkcd.com].

Re:TXT execution technology (1)

m.ducharme (1082683) | more than 5 years ago | (#26351775)

Isn't there an Emacs Key combo that does that?

Re:TXT execution technology (1)

RazzleDazzle (442937) | more than 5 years ago | (#26352643)

Real programmers code in binary [krytosvirus.com]

Thank you! (4, Insightful)

Just Some Guy (3352) | more than 5 years ago | (#26350263)

RMS calls this "treacherous computing", and I have to agree with him. This is a good development as it demonstrates quite nicely that DRM (which is probably the #1 use of VPro et al) is simply not possible. Thanks, ITL, for showing this as folly!

Re:Thank you! (5, Interesting)

Anonymous Coward | more than 5 years ago | (#26350655)

That is completely different from what DRM for multimedia is. For multimedia, they want you to be able to view the content without being able to copy it, which is fairly ridiculous.

For TPM (or whatever the marketing acronym is now), they're just using hardware to ensure that only signed binaries are executed. There are valid reasons to want this as a user. For instance, sign the kernel. On first run, error out saying the app isn't signed and ask you to sign it yourself (or for things like linux distros, the binaries are signed by the distro or repo). Thus viral infections by modifying binaries & rootkits become much more difficult (e.g. theoretically a system that starts out non-compromised cannot become so by modifying existing programs and would need you to actively sign compromised apps before they start).

Here's the overlap and the reason it's bad: from what I understand, the signing authority must be the TPM chip maker. Thus you're relying on potentially someone you don't trust to perform the signing, instead of being able to choose whom to trust. Very likely, it'll be used to strip the user of the capability to do what they want. For example, wanna play a DVD? Only friendly, region-obeying, DVD playing software is allowed. Wanna play music? Only software that honors DRM restrictions allowed.

Flaws? Or by Design? (1)

SpaceLifeForm (228190) | more than 5 years ago | (#26350681)

Are they really design flaws? Or was this actually by design, and now the backdoor method has been discovered?

Re:Thank you! (3, Interesting)

Deanalator (806515) | more than 5 years ago | (#26350769)

Bullshit, not a single person working on TPM at Intel thinks it will ever work for DRM. I say this as someone who has talked with several of the security architects and TCG liaisons (in a non-professional setting).

TPM does close to nothing to prevent local attacks. What it is meant for is to prevent remote attackers from digging too deep by providing a safe place to store keys.

It is used to sign code. What Joanna did is what she always does, she found a fun way to get arbitrary code to execute when only signed code is supposed to be able to.

Re:Thank you! (4, Insightful)

IamTheRealMike (537420) | more than 5 years ago | (#26351391)

Keyword, at Intel. TC is the work of a large committee, with many companies. If you read the specs the conflicting goals are obvious. Simple question - is the TPM meant to resist hardware attacks or not? Sometimes it is, sometimes it isn't. It's not very good at this currently, you could beat 1.1 TPMs with a piece of wire (literally), but Intel are moving them inside the south bridge, where hardware attacks will be much harder.

In theory at least TC can be used to implement better DRM, because it makes it harder for people to debug the implementation. But there are still many unimplemented features needed to make this work, eg, trusted I/O, and no real roadmap to implement them. And even when done, it'll be years before the technology is widespread, and it's so complicated I'm sure Joanna and friends will be able to find many more problems with it.

The real promise of TC is a way out of the malware quagmire. Being able to run a web browser and know - for sure - that it's not been compromised by a password sniffer or the like, well, that's a useful thing and that's what TXT lets you do (when complete). A remote voting app that can prove to the server that it's a real human casting the vote and not a bot? A very useful thing, perhaps even a necessary precondition for digital democracy. TC can make this happen. DRM? Well if you want a crappy inferior very complex form of DRM then sure, go ahead, but it'll be less secure and more expensive than the equivalent implemented in controlled hardware like the PS3, Xbox360, mobile phones etc ...

Re:Thank you! (2, Insightful)

jhol13 (1087781) | more than 5 years ago | (#26358731)

Being able to run a web browser and know - for sure - that it's not been compromised by a password sniffer or the like, well, that's a useful thing and that's what TXT lets you do (when complete).

No it won't. If the said browser behaves erroneously on a particularly crafted web page the web page creator might be able (depending on the error) to take full control of the machine, e.g. by injecting a remotely controllable ("telnet") Javascript applet.

For voting the TC cannot *prove* anything - again a simple overflow (either buffer or integer or ...) bug can make the bot look exactly like human to the TC. TC can "prove" provided there are no bugs. Which is lame.

Re:Thank you! (0)

Anonymous Coward | more than 5 years ago | (#26358829)

but Intel are moving them inside the south bridge, where hardware attacks will be much harder.

not any more...
fairly obvious why anon I would think

Re:Thank you! (3, Insightful)

Just Some Guy (3352) | more than 5 years ago | (#26351497)

Bullshit, not a single person working on TPM at Intel thinks it will ever work for DRM.

Funny, as it's the first listed possible application [wikipedia.org] on Wikipedia. How could TPM possibly not be used for DRM? All the ingredients are there. From the same article:

Sealed storage could prevent users from moving sealed files to the new computer. This limitation might exist either through poor software design or deliberate limitations placed by publishers of works. The migration section of the TPM specification requires that it be impossible to move certain kinds of files except to a computer with the identical make and model of security chip.

Isn't that almost the very definition of DRM?

Re:Thank you! (0, Troll)

Achromatic1978 (916097) | more than 5 years ago | (#26352459)

Wow. Cause it's not like any random Yahoo could write something in the TPM article, is it... oh, wait.

Have you actually read that article, in particular that section? A lot of it is written amazingly badly - I wouldn't accept much of it as a Junior High English essay, the basic grammar and sentence structure are that horrible.

Re:Thank you! (4, Insightful)

Anonymous Coward | more than 5 years ago | (#26351633)

Excuse me... let me phrase that correctly: "Bullshit, not a single person working on TPM at Intel will admit that it was designed for DRM."

The entire reason for the project (started back in the late 90s) was DRM - or, as one Intel engineer at a talk I attended put it - "making a system secure against its owner". Only later they decided, after users started to realise just what TXT really means for them (total control by the likes of Microsoft), that they would smother the whole "for DRM" thing and flatly refuse to ever discuss it. Instead they always emphasise the "security" aspects instead. Only morons are fooled - hello there.

Anyone who thinks that Intel is not about DRM is an idiot. Intel is *THE* DRM kingpin (HDCP etc etc).

Re:Thank you! (1)

redtail (265571) | more than 5 years ago | (#26351651)

Right, the gnashing of teeth is not the DRM crowd, it is the government sponsored high assurance computing platform proponents. Today, low assurance systems like Linux and Solaris sit between SECRET networks and the Internet. Some hoped to use TxT to create high assurance replacements. But I'm sure they'll conclude this is the "last bug" and plow forward.

Re:Thank you! (1)

WarlockD (623872) | more than 5 years ago | (#26351669)

Not to mention no easy local recovery. Try replacing a burned out motherboard on a server with bit locker. No recovery disk, no data:P

Re:Thank you! (5, Insightful)

Alsee (515537) | more than 5 years ago | (#26351915)

Orly?

What a load of crap. At best you are merely naive.

I am a programmer, and in particular I have studied the Trusted Platform Technical Specification documentation. All 332 pages of dense technicalese. There is one particular page I would like to cite. In the TCPA Main TCG Architecture v1_1b.pdf on page 277 the documentation comes right out and announces the fact it is designed to be secure against "rogue Owners".

You are either mistaken, or you're full of crap. The chip is in fact designed to lock the computer against the owner. Yes, locks that are designed to protect the computer against its owner will also prevent outside attackers from doing things that the owner himself is forbidden to do. However that is incidental. A hostile Trusted Computing system trying to lock computers against their owners is fundamentally different from a system designed to secure computers for the owner.

If you really do believe that this is solely intended for the benefit of the owner, perhaps you could answer some questions for me.

Why the absolute refusal to implement the EFF's Owner Override proposal? It would give the owner full control of his own computer while still securing against remote attacks. You could even secure against local attackers (other than the owner) by adding some sort of Owner Authentication element to the Override system.

Or how about my proposal? I merely want a printed copy of the master key to my own computer. I merely want the option to buy a computer that comes with a printed copy of my master key. (Technical note: I am referring to the PrivEK key, and having the option to export the RSK key encrypted to the PrivEK would be beneficial for ease and security reasons.) Go ahead, explain to me why I am absolutely forbidden to know the master key to my own computer. Go ahead and explain why they absolutely refuse to PERMIT anyone to manufacture any compatible Trust Chip that permits the owner to know their own master key.

And best of all, explain to me all of the documented systems and plans to REVOKE and (for all practical purposes) brick any chip if they ever detect that you have learned the master key locked inside you computer, if you ever learn the master key to control your own computer, if they ever detect that you have the power and control to override any DRM system based on the chip.

And don't even try the line about how this revocation system is "not part of the chip itself". The chip was explicitly designed to secure the computer against the owner, the chip was explicitly designed to support that revocation system, and the chip's technical documentation and design specification explicitly mention this revocation system.

The design specs endlessly list all of the things that the owner MUST be forbidden to be able to do, all of the things the owner MUST be forbidden to know, the specification even has a section that mandates that any owner's data under "non-migratable keys" MUST be effectively impossible to back up and MUST be irretrievably lost if the chip ever dies.

And on and on and on. Yes, the chip was explicitly designed to consider the owner to be the enemy. The chip is explicitly designed to be secure against "attacks" by the owner. Yes, the current generation of chips are relatively vulnerable to physical attack - by the owner or by a hostile attacker. However it is fundamentally designed to lock against the owner, there is a supplemental specification on how to increase the physical security against the owner and how to certify hardware as possessing stronger anti-owner physical security, and there is mention in the chip spec itself and in supplemental specifications on how to revoke and lock-out any chip where an owner does manage to gain local override control over his own computer.

Yes, there are some people working on Trusted Computing with the intent of securing your computer for you, of protecting you against remote attackers. However that does not change the fact that the system is indeed designed to lock computers against the owner, that it is indeed designed explicitly for DRM support, that it is explicitly designed to be hostile to the owner, it does not change the fact that they COULD design a pro-owner system to secure your computer for you without these anti-owner aspects, but that they refuse to permit any compatible pro-owner chip that does not also impose these anti-owner DRM style enforcement systems as well.

-

wrong concept of owner? (1)

ovu (1410823) | more than 5 years ago | (#26358887)

Isn't vpro intended for business ?

In this case, the protection mindset is oriented towards overall network and data integrity and NOT for preserving the non-existent freedoms of individual machines and "owners".

The concept of a rogue owner makes perfect sense in this context.

Re:wrong concept of owner? (1)

flight666 (30842) | more than 5 years ago | (#26360889)

Bzzt. wrong. try again.

You confuse "owner" in this case with "user".

The owner of the machine is the business that owns it, while the user is the poor guy sitting at the keyboard. It is perfectly reasonable for the owner to want to protect against a rogue user. But all of the comments in the grandparent thread still apply. The legitimate owner (even if it is a business) still owns the physical hardware and has all the same concerns a regular person would have.

Re:wrong concept of owner? (1)

Alsee (515537) | more than 5 years ago | (#26368283)

First, the other person who already replied to you was absolutely right. Even in the case of business, the business itself or the business owner is the owner of the computer. And it is still illegitimate for the system to consider the owner to be the enemy. This system is still attempting to secure the computer AGAINST the owner.

Second, yes, Intel has explicitly said that vPro is intended for home PCs as well. This stuff is just targeting the business market first.

Next, the "rogue owner" quote was from the Trusted Platform Module (TPM) technical specification. The TPM chip is the central component of vPro. The TPM is explicitly targeted for both business and home use. In fact the Trusted Computing Group has explicitly announced their intention for this chip to become "ubiquitous", a standard component of essentially all computers and most other digital devices.

And lastly:
NOT for preserving the non-existent freedoms of individual machines and "owners".

Ha. Putting owner in scare quotes.
When I buy a computer I AM the owner. Not some sarcastic-scare-quotes "owner". My computer is my property. I have every right to rip open my computer, or do whatever I like with it. It is entirely illegitimate and nonsensical to call me an "attacker". I cannot "attack" my own property because anything I do is inherently authorized, legitimate, and rightful.

If I run a small business, then I AM still the owner. Not some sarcastic-scare-quotes "owner". I still have every right to rip open my computer, or do whatever I like with it. It is entirely illegitimate and nonsensical to call me an "attacker". I cannot "attack" my own property because anything I do is inherently authorized, legitimate, and rightful.

If a major public corporation owns a computer then it IS the owner. Not some sarcastic-scare-quotes "owner". The management of that company has every right to rip open that computer, or do whatever they like with it. It is entirely illegitimate and nonsensical to call them an "attacker". They cannot "attack" their own property because anything they do is inherently authorized, legitimate, and rightful.

Trusted Computing is designed to be hostile. It is designed to consider the rightful owner to be the enemy. It is designed to "secure" computers against their rightful owners. Trusted Computing is malicious and malignant.

-

Re:Thank you! (1)

Deanalator (806515) | more than 5 years ago | (#26363857)

While it may be inconvenient that they don't include a software path to disable security, there is still nothing stopping the user from just pulling the keys straight out of the hardware.

I have seen people pull TPM keys with about 1000 dollars worth of gear.

Even in best case scenarios for the RIAA, all it takes is one user cracking their TPM to generate as much clean media as they want, and then we are back to where we started.

Anti piracy groups have already far surpassed the point of diminishing returns, and piracy advocates out number them significantly. The message is clear. If your sales model is based on treating information as if it was actual physical property, you are going to fail miserably.

It might work for some DRM, like passing out a few sealed PDFs etc, but it will never work for mass media distribution, and I think more people are aware of that than you may realize.

Re:Thank you! (0)

Anonymous Coward | more than 5 years ago | (#26367083)

Uhh...

Let us consider the portable device, more precisely the data security of one. Granted the operating device or its user isn't compromised, the only way to breach data security is to possess said device by finding it on a street corner, or "obtaining" it otherwise. In short, the data is protected by default up until the "owner" is changed. A secure device therefore MUST resist the owner's attempts to tamper. To ensure data availability, the real owner has but one option, the good old backup tape in a safe. Incidentally, you don't make 1:1 backups of block-level encrypted data. If this level of security is needed, the backup volume needs to be (re)encrypted with a separate key. Yes, with encrypted volumes, you really, really, need to back them up.

The secure device must be as restrictive as possible for maximum safety. Distribute master key printout? But why, it can only weaken the security.

Again. If you value your data (above the hardware), you keep a BACKUP. Personally, I'm worried about the prospect of tracing, and IDentification of device users, and the backdoors that could be placed, you know, to protect the children. I'd rather have the TPM time out and destruct than a master key...

This message will self-destruct in five seconds. Good luck, Jim.

Re:Thank you! (1)

tehcyder (746570) | more than 5 years ago | (#26356205)

That is completely different from what DRM for multimedia is. For multimedia, they want you to be able to view the content without being able to copy it, which is fairly ridiculous.

Why? The copyright owners don't want people making free copies and passing them on to people who then don't pay to view it.
The copyright owners have spent money and now want to make as much money back as they can, why is this ridiculous?

Re:Thank you! (1)

Just Some Guy (3352) | more than 5 years ago | (#26356543)

The copyright owners have spent money and now want to make as much money back as they can, why is this ridiculous?

Their desire isn't ridiculous, albeit insanely greedy in practice. The basic idea of you being able to copy something to RAM but not back to disk is just nuts, though. At this moment, I'm unaware of any widely-used DRM scheme that's not cracked. That's because the whole idea is basically impossible, at least without Treacherous Computing.

Re:Thank you! (1)

Deanalator (806515) | more than 5 years ago | (#26363473)

.. why is this ridiculous?

It's ridiculous because information isn't stuff, and any attempt to control information as if it was a physical object is going to fail miserably.

Re:Thank you! (0)

Anonymous Coward | more than 5 years ago | (#26352279)

Disk drives with hardware encryption are becoming common, perhaps the norm in the near future. Using the TPM, true practical disk encryption may finally become reality.

However, the embedded TPM chip contains a unique master key. Remember the days of Pentium III with its Processor Serial Number? Makes you wonder...

Re:Thank you! (1)

Just Some Guy (3352) | more than 5 years ago | (#26353339)

Using the TPM, true practical disk encryption may finally become reality.

As long as your definition of "practical" includes "unrecoverable", as in what your data will be if your motherboard fails.

Re:Thank you! (2, Interesting)

hairyfeet (841228) | more than 5 years ago | (#26355119)

Bingo! We have a winner! You would have to be nuts to use TPM when something as mundane as a mobo failure can cause all your data to go poof. But I have a more fundamental problem with it. If I buy a car you better hand me the damned keys, I buy a house, a lockbox, same thing. There ain't no way in hell I'm shelling out good money on a PC that has a lock that they won't give me the damned keys to.

I avoid software that expects us to pay full price for a rental, and TPM is the same thing. Without the keys, those that have the keys can flip the switch and my money just went to a doorstop. So I'll keep building my own desktops and buying laptops without any stupid locks that I don't have the keys for. The big OEMs can push that crap all they want, it just gives me a reason to avoid them. I am sure that as long as computers are built overseas there will be somebody willing to build one without a TPM chip to save a few bucks. And I'll be happy to buy from them. Voting with your wallet: it's a good thing.

Another repeat: the unlockable lock (5, Insightful)

Anonymous Coward | more than 5 years ago | (#26350323)

No lock has ever been created that can't be broken.

Any time you see "unbreakable", "unsinkable" or similar claims, call your bookie: they will. The question is when, not if.

Re:Another repeat: the unlockable lock (1, Interesting)

Anonymous Coward | more than 5 years ago | (#26350471)

Then why can't I rip my SACDs yet? :(

Re:Another repeat: the unlockable lock (1)

Just Some Guy (3352) | more than 5 years ago | (#26350617)

Then why can't I rip my SACDs yet?

Because in an age where 128Kbps MP3s are the norm, no one really cared about SACD or DVD-Audio to bother.

Re:Another repeat: the unlockable lock (2, Interesting)

Chabo (880571) | more than 5 years ago | (#26350795)

It's up to app designers to make the default bitrate more towards the "transparent" region.

I've been trying to get my friends (the more technically-oriented ones, anyway) to rip to FLACs to keep on their primary machine, and to use my program (see my sig) to convert to decent-quality Oggs or MP3s for portable use.

I convert to Oggs mainly because MP3s aren't designed for gapless playback, and they work with Rockbox. "-q 6" gives VBR at around 192kbps -- more than enough for a portable player going over a pair of earbuds, and I have the FLACs for when I'm sitting at home, with my good headphones.

Re:Another repeat: the unlockable lock (1)

Mitchell Mebane (594797) | more than 5 years ago | (#26353657)

If you use LAME to encode your MP3s and play them on a supporting player, you can get gapless. Foobar2000 and Rockbox, at least, support LAME's gapless playback headers.

Re:Another repeat: the unlockable lock (1)

Chabo (880571) | more than 5 years ago | (#26359169)

Last time I checked (admittedly, over a year ago), in order to encode MP3s with LAME's gapless playback headers, you had to encode the entire album (or at the very least, the two songs you want to be gapless) in one shot from the command line. So with an encoding scheme like those of Exact Audio Copy or FlacSquisher (my program), where encoding is done with one process per track, the MP3s will have space to fill in the last packet, and will fill it with empty samples, leading to gaps, no matter what player you use.

Correct me if I'm wrong, please. If I am wrong, then that's an extra feature that I can include in FlacSquisher's list! :)

Re:Another repeat: the unlockable lock (0)

Anonymous Coward | more than 5 years ago | (#26367021)

Last time I checked (admittedly, over a year ago), in order to encode MP3s with LAME's gapless playback headers, you had to encode the entire album (or at the very least, the two songs you want to be gapless) in one shot from the command line.

You are confused. That was never the case. Much less as recently as a year or two ago.
In particular, you are confusing the old "-nogap" switch with LAME gapless playback headers.

The headers document the encoder delay and last-frame-gap so that a compliant player knows how much silence is on either end.

What you describe, on the other hand, is LAME's option switch which delivers MP3 gapless to non-LAME-aware players. What it does is shift (ever so slightly) the split point between two adjacent files (tracks) so that it falls on an even frame boundary and thus any spec-compliant decoder is gapless.

Re:Another repeat: the unlockable lock (2, Funny)

RiotingPacifist (1228016) | more than 5 years ago | (#26350693)

Just use the analog hole, SACDs may be cracked eventually if somebody else starts using them though.

Re:Another repeat: the unlockable lock (1, Informative)

Anonymous Coward | more than 5 years ago | (#26351809)

There's already a hardware hack in progress. [hydrogenaudio.org] But, as you say, the format is so obscure there's little demand for such ripping.

Re:Another repeat: the unlockable lock (1)

Chabo (880571) | more than 5 years ago | (#26350683)

I know how to make a lock that can't be unlocked except by brute force: weld two pieces of steel together to make a solid ring.

If it can't even be opened with a key, you can't use a lock pick, can you?

Re:Another repeat: the unlockable lock (0)

Anonymous Coward | more than 5 years ago | (#26350813)

Define "key".

Re:Another repeat: the unlockable lock (2, Funny)

Nethead (1563) | more than 5 years ago | (#26350999)

Re:Another repeat: the unlockable lock (1)

Muad'Dave (255648) | more than 5 years ago | (#26357513)

I once had a Home Depot employee call that saw a "Sway-zull" instead of saws-all. Of course my wife and I call it that now in honor of her (the HD employee's) curious pronunciation.

Re:Another repeat: the unlockable lock (1, Insightful)

nobodylocalhost (1343981) | more than 5 years ago | (#26351239)

Risking being modded troll, I would like to say sure there is an unbreakable lock. An unbreakable lock is a lock that no one cares enough to break.

Re:Another repeat: the unlockable lock (0)

Anonymous Coward | more than 5 years ago | (#26351581)

The question is how easy is it to open that lock without having the key? Clearly it is much harder if the implementation is done correctly in hardware. It is also more expensive. Furthermore, a hardware implementation generally means (or at least should mean) you need physical access to bypass it - at which point you've already given your attacker a significant advantage to do what they want.

Re:Another repeat: the unlockable lock (1)

smellsofbikes (890263) | more than 5 years ago | (#26358927)

One-time pad encryption is unbreakable. Provably so.
Other modern algorithms like Blowfish may be breakable if you throw enough computers at them, but nobody has any idea how to break them, even if you had the entire world's computational hardware running for a thousand years. There is no known break (yet).

The problem is that we're making rapid advances in strong cryptography, which is good for anonymity and secure online communication, but when companies use that same cryptography to protect their software, we're as hosed as any other wiretapper. They have more resources than we do, so they can afford the very best, and the very best is *very* good.

Homeland Security Alert: Teens Talk About Stuff (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#26350345)

From Omyfuckinggod [usnews.com]

Health Buzz: Teens Using MySpace and Other Health News
Posted January 6, 2009
Teens Who Use MySpace Often Discuss Sex, Substance Abuse, Violence

About 54 percent of adolescents who use the social networking website MySpace often discuss sexual behavior, substance abuse, or violence on the site, according to a pair of new studies published this month in Archives of Pediatric & Adolescent Medicine by researchers at Seattle Children's Research Institute. In one of the studies, the researchers looked at 500 randomly selected MySpace profiles of 18-year-old teens (as reported on their MySpace pages) to determine how much they discussed high-risk behaviors and if those behaviors were influenced by their interests, activities, or other factors. Forty-one percent of the profiles referenced substance abuse, 24 percent discussed sexual behavior, and 14 percent talked about teen violence.

Dear Pediatricians: Please return to your job and practise MEDICINE, not stupid stories.

Yours sincerely,
Golem

Bug in 'system software' (2, Interesting)

Daemonax (1204296) | more than 5 years ago | (#26350923)

Is this 'system software' a driver for Windows, or is it a bug in the firmware and therefore compromises the security this provides regardless of OS? Also, if it's firmware, is it the type that's burnt into the hardware and can't be changed, or the type that's loaded by the OS? If the latter, this seems to me like a good reason for companies like Intel to release the source code for firmware.

Re:Bug in 'system software' (0)

Anonymous Coward | more than 5 years ago | (#26355781)

It is named the "SINIT module" in the TXT (public) documentation. It MUST be signed by the southbridge manufacturer (read Intel) and represents the "DRTM" (Dynamic Root of Trust for Measurement). You can see this as a sort of "asynchronous BIOS" that can be started at any moment after boot (not at reset time) and which begins executing in a (supposedly..) tamperproof region of memory (in fact a chunk of L2 cache behaving like a static RAM inside the CPU). This permits the launching of what they call a "trusted chain of boot" (trusted for whom?..;))

Invisible Things Labs is J. Rutkowska (Blue Pill) (5, Informative)

paleshadows (1127459) | more than 5 years ago | (#26351121)

"Invisible Things Labs" means, more or less, Joanna Rutkowska, discussed in these related slashdot stories

Re:Invisible Things Labs is J. Rutkowska (Blue Pil (1)

lifeflaw (1445209) | more than 5 years ago | (#26354175)

Exactly, that's by now "old news".

Wrong Wrong Wrong (4, Insightful)

Glasswire (302197) | more than 5 years ago | (#26351601)

vPro is mostly about AMT OOB management, which is secure and is in its 5th generation. TXT is a relatively new component which is implemented virtually nowhere yet and has virtually nothing to do with the AMT functionality that has been and is being implemented at hundreds of sites. AMT management is 97% of what vPro really is and is what the industry system OEMs generally mean when they say vPro. TXT is a future technology waiting for ISV enablement whereas core AMT/vPro is real and here now. Saying that because TXT may be compromised AND suggesting that the primary, working part of vPro is insecure is outrageously misleading.

Re:Wrong Wrong Wrong (0)

Anonymous Coward | more than 5 years ago | (#26351983)

Do What?

Alphabet Soup...

Re:Wrong Wrong Wrong (1)

Koiu Lpoi (632570) | more than 5 years ago | (#26352123)

I'm going to be completely honest here: I have no idea what you just said, and I fear that expanding your acronyms would push your post to multiple pages.

Re:Wrong Wrong Wrong (0)

Anonymous Coward | more than 5 years ago | (#26353623)

He must work at Intel. The only place I've ever worked where the acronyms required a dictionary website to explain them to employees.

A very large website no less.

Re:Wrong Wrong Wrong (0)

Anonymous Coward | more than 5 years ago | (#26354337)

Believe me, it isn't the only place. But I shouldn't mock Harry Potter.

Re:Wrong Wrong Wrong (2, Informative)

wildstoo (835450) | more than 5 years ago | (#26356279)

From Wikipedia [wikipedia.org] :

Intel Active Management Technology (AMT) is a hardware-based technology for remotely managing and securing PCs out-of-band.

Also from Wikipedia [wikipedia.org] :

Out-of-band is a technical term with different uses in communications and telecommunication. It refers to communications which occur outside of a previously established communications method or channel.

In this case it means remotely changing system (BIOS) settings etc. while workstations/servers are 'powered down'. There's more to it than that, of course. Check the features list on that linked article.

Re:Wrong Wrong Wrong (1)

lazyforker (957705) | more than 5 years ago | (#26353119)

vPro is mostly about AMT OOB management, which is secure and is in its 5th generation. TXT is a relatively new component which is implemented virtually nowhere yet and has virtually nothing to do with the AMT functionality that has been and is being implemented at hundreds of sites. AMT management is 97% of what vPro really is and is what the industry system OEMs generally mean when they say vPro. TXT is a future technology waiting for ISV enablement whereas core AMT/vPro is real and here now. Saying that because TXT may be compromised AND suggesting that the primary, working part of vPro is insecure is outrageously misleading.

Thanks for the post. This is just what I wanted to say. My team has specified vPro PCs to replace the current PCs specifically for the management features. If you manage a large PC environment it's worth taking a look at.

Blue Pill (1)

meridian (16189) | more than 5 years ago | (#26355533)

I believe this is based on the Blue Pill attack (from the same person) which essentially is a hypervisor that mimics the underlying system to gain access to the encryption keys. The flaws in the attack are that it is complicated to fully mimic the underlying hardware in software, the main drawback being that the timings by the hardware would be out due to the software hypervisor layer and this may be detected by the underlying OS or software running underneath the hypervisor. However it may be possible to write a hypervisor that takes all things into account but this would be quite an extensive task, i.e. it is quite complicated to do properly but feasible (from what I have read). Mimicking the underlying system and the software interface to this via a hypervisor would allow access to the encryption keys. The article says basically "this is first stage attack, will produce stage 2 when Intel responds to this" so they obviously have not completed the extensive programming task to take all things into account. Intel have known about this issue for some time as I asked one of their lead engineers the question a few months back if Trusted Execution was known to be totally secure and he basically said that theoretically it could be broken and told me to google "blue pill".

Clever guys (0)

Anonymous Coward | more than 5 years ago | (#26359363)

Now if they could take a look at the hypervisor found in PS3 machines...
