
Researchers Hack Intel's VPro

snydeq writes "Security researchers from Invisible Things Lab have created software that can 'compromise the integrity' of software loaded using Intel's vPro Trusted Execution Technology, which is supposed to help protect software from being seen or tampered with by other programs on the machine. The researchers say they have created a two-stage attack, with the first stage exploiting a bug in Intel's system software. The second stage relies on a design flaw in the TXT technology itself (PDF). The researchers plan to give more details on their work at the Black Hat DC security conference next month."

  • by Anonymous Coward on Tuesday January 06, 2009 @06:54PM (#26350471)

    Then why can't I rip my SACDs yet? :(

  • Re:Thank you! (Score:5, Interesting)

    by Anonymous Coward on Tuesday January 06, 2009 @07:09PM (#26350655)

    That is completely different than what DRM for multimedia is. For multimedia, they want you to be able to view the content without being able to copy them, which is fairly ridiculous.

    For TPM (or whatever the marketing acronym is now), they're just using hardware to ensure that only signed binaries are executed. There are valid reasons to want this as a user. For instance, sign the kernel. On first run, error out saying the app isn't signed and ask you to sign it yourself (or for things like Linux distros, the binaries are signed by the distro or repo). Thus viral infections by modifying binaries & rootkits become much more difficult (e.g. theoretically a system that starts out non-compromised cannot become so by modifying existing programs and would need you to actively sign compromised apps before they start).

    Here's the overlap and the reason it's bad: from what I understand, the signing authority must be the TPM chip maker. Thus you're relying on potentially someone you don't trust to perform the signing, instead of being able to choose whom to trust. Very likely, it'll be used to strip the user of the capability to do what they want. For example, wanna play a DVD? Only friendly, region-obeying, DVD playing software is allowed. Wanna play music? Only software that honors DRM restrictions allowed.

  • Re:Thank you! (Score:4, Interesting)

    by Deanalator ( 806515 ) <pierce403@gmail.com> on Tuesday January 06, 2009 @07:20PM (#26350769) Homepage

    Bullshit, not a single person working on TPM at Intel thinks it will ever work for DRM. I say this as someone who has talked with several of the security architects and TCG liaisons (in a non-professional setting).

    TPM does close to nothing to prevent local attacks. What it is meant for is to prevent remote attackers from digging too deep by providing a safe place to store keys.

    It is used to sign code. What Joanna did is what she always does, she found a fun way to get arbitrary code to execute when only signed code is supposed to be able to.

  • by Chabo ( 880571 ) on Tuesday January 06, 2009 @07:23PM (#26350795) Homepage Journal
    It's up to app designers to make the default bitrate more towards the "transparent" region.

    I've been trying to get my friends (the more technically-oriented ones, anyway) to rip to FLACs to keep on their primary machine, and to use my program (see my sig) to convert to decent-quality Oggs or MP3s for portable use.

    I convert to Oggs mainly because MP3s aren't designed for gapless playback, and they work with Rockbox. "-q 6" gives VBR at around 192kbps -- more than enough for a portable player going over a pair of earbuds, and I have the FLACs for when I'm sitting at home, with my good headphones.
  • by Daemonax ( 1204296 ) on Tuesday January 06, 2009 @07:32PM (#26350923)
    Is this 'system software', a driver for Windows, or is it a bug in the firmware and therefore compromises the security this provides regardless of OS? Also, if it's firmware, is it the type that's burnt into the hardware and can't be changed, or the type that's loaded by the OS? If the latter, this seems to me like a good reason for companies like Intel to release the source code for firmware.
  • by nobodylocalhost ( 1343981 ) on Tuesday January 06, 2009 @07:42PM (#26351049)

    On the same note, has anyone cracked the Xbox 360 hardware security? The only thing I see so far is that XFPS device which uses a "man in the middle" attack to hijack the connection between a controller and the console itself.
