Controversial Security Paper Nixed From Black Hat 144
coondoggie writes us with a link to the Network World site, as he tends to do. Today he offers an article discussing the cancellation of a presentation which would have undermined chip-based security on PCs. Scheduled during the Black Hat USA 2007 event, the event's briefing promised to break the Trusted Computing Group's module, as well as Vista's Bitlocker. Live demos were to be included. The presenters pulled the event, and have no interest in discussing the subject any more. "[Presenters Nitin and Vipin Kumar's] promised exploit would be a chink in the armor of hardware-based system integrity that [trusted platform module] (TPM) is designed to ensure. TPM is also a key component of Trusted Computing Group's architecture for network access control (NAC). TPM would create a unique value or hash of all the steps of a computer's boot sequence that would represent the particular state of that machine, according to Steve Hanna, co-chair of TCG's NAC effort."
Reason for pull? (Score:4, Interesting)
Re:Reason for pull? (Score:5, Interesting)
This is interesting enough geek news that I expect some tech journalist somewhere will follow up on it.
DMCA anyone? (Score:5, Insightful)
My guess is that they could not go to the US from fear of being arrested for breaking the DMCA/some other law. I for sure wouldn't go to the US under any circumstances with information on how to defeat any kind of security.
Security by obscurity still seems to be the mantra.
White Castle, Anyone? (Score:1, Offtopic)
Re: (Score:1)
The term 'security by obscurity' has it's place, but it seems like another phrase in a growing list that Slashbots just seem to latch onto whenever they feel like karma whoring (like 'DMCA invocation').
Re: (Score:2)
Every security system in existance has a vulnerability, wether its the passwords, the keys, or the algorithms involved. Every security system in existance is only secure while this information is unknown, therefore every security system in existance is essentially 'security through obscurity'.
Close. The "security through obscurity" mantra is about how much knowledge is required to defeat a system. Knowing the algorithms involved shouldn't be enough. One should have direct access to the system's key(s).
The issue isn't that there's a piece of secret knowledge that unlocks the system. That's a given - passwords, cryptographic keys, etc. are referred to as "secrets" and have nothing to do with the "obscurity" part of the mantra. The issue is whether enough study of a system or general knowledg
Re: (Score:3, Informative)
Whereas, with something like Skype -- which uses a closed-source implementation of christ-knows-what algorithm and handles its
Re: (Score:2)
implying that the public key tells you a and c; the decryption function is
Re: (Score:3, Insightful)
Re: (Score:2)
Security by ignorance is the mantra.
If someone points out a flaw in your security (whether it be a computer, or a bank, or a firebase) logic dictates that you should hear them out at the very least. If indeed you have problem, thank them and then FIX IT, because they are doing you a favor. What seems to be happening nowadays is the exact opposite. Those who are exposing security issues are intimidated into self-censorship and their knowledge ignored.
Re: (Score:2, Informative)
Re: (Score:2)
Re: (Score:2)
Re:Reason for pull? (Score:5, Funny)
It's iPhone Day!!!
Who cares: (Score:1, Offtopic)
Cool factor: 10
Usefulness factor: 5 (it really doesn't do much more than my RAZR V3xx)
Budget fact: -1
Burn karma burn!
Re: (Score:1)
They have to wait in the latest never ending line for the latest eyeGizmo and so, won't be able to attend. "Queues of more than 100 people have already formed outside the company's flagship store in Manhattan, with one gentleman -- the first to form the line -- now in the 4th day of his vigil on 5th Avenue." (emphasis mine)
http://technology.timesonline.co.uk/tol/news/tech_ and_web/article2005122.ece [timesonline.co.uk]
Re: (Score:2)
http://www.wallaceandgromitfoundation.org/ [wallaceand...dation.org]
Re:Reason for pull? (Score:4, Insightful)
My question is why would anyone place their information security "Trust" in MS BitLocker, or Indochinese hardware (TPM chips) that likely already contain built in backdoors for John Law, and corporate drones?
Open Source Full disk encryption is fast and free, open source Firewalls and process restricting software are available for those who just can't resist getting infected with the latest malware. Most Open Source security software developers are likely NOT under the control of Big Brother in any form, be it corporate drones or big government fascists.
So while I'm a little disappointed that the Back Hatters decided to forgo the presentation of cracking TPM, since it was never trustworthy or secure to start with, and since anyone serious about security would never use such a faux security scheme at the outset, cracking TPM and "Trusted Computing" was only a curiosity anyway.
The "Trusted Computing Initiative" is simply a way to provide vendors "Plausible Deniability" and to limit liability for allowing exposed data, nothing more.
Re:Reason for pull? (Score:5, Insightful)
And still there are people, even here on Slashdot, who insist that anonymous speech is not a precondition for free speech.
Re: (Score:2)
Open Source Full disk encryption is fast and free
And why would you trust it any more than MS or Cisco or others? Using "Open source" as an equivalent of "cryptographically impregnable" is a dangerous misconception. A serious company selling security solutions has a compelling interest to ensure t
Re: (Score:2)
You do make some very good points, but because the Full Disk encryption software is not a chip soldered to my Motherboard. If the encryption software I choose is full of holes, I can then replace it with a certified paid product or another open source product.
The issue here is that the "security" offered by MS and TPM isn't all that secure to start with, and you can't get rid of it whether you want it on there or not ... at least not without
Re: (Score:2)
Microsoft on the other hand? Even MS-bashing aside, they have a horrible reputation for security even still. They offer no guarantees of correctness and no warranties (expressly) in the case of failure, even known problems.
An independent coder on the other hand is at least protecting his files...
Re: (Score:2)
See, I've worked for and wit
Re: (Score:2)
Re: (Score:2)
Your right of course If you want whole disk encryption with preboot you need to cough up a hundred bucks or so. If you want hardware based whole disk encryption you won't find any software acceptable because it requires the encryption to be built into the hardware (which I do not yet trust)
But Truecrypt is close enough to be enough (for me anyways).
Re:Reason for pull? (Score:5, Insightful)
Or, perhaps, like in science, they discovered a flaw in their own methodology that rendered the presentation pointless. It does happen. How many times has someone yelled eureka, only to have some genius say, "Uh, Bob, you still have the machine plugged into the grid, it's not under its own power"?
Re: (Score:3, Insightful)
Then why did they not just say that?
Re: (Score:1)
How could a presentation "undermine" security? (Score:5, Insightful)
Re:How could a presentation "undermine" security? (Score:4, Funny)
Re: (Score:1)
Re: (Score:2, Funny)
Where's Lassie when you need her?
...and that problem is transport... (Score:4, Funny)
So our country can be free?
Re: (Score:2)
Re: (Score:3, Insightful)
Agreed. Another possibility is that one of them discovered a flaw with their method. Eleventh-hour bugs right before demos are the most evil ones of all.
Re:How could a presentation "undermine" security? (Score:5, Insightful)
Ding! Ding! Ding! This more than likely is the case. What is more likely to happen? These guys getting silenced and quietly removing their presentation or these guys figuring out they were wrong and quietly removing their presentation. If there was a threat from the company there would have been a leak about the reason for pulling the plug on the presentation. More than likely the presenter discovered a flaw and quietly pulled the plug.
Re: (Score:3, Interesting)
If they were able to do that, most likely they had what they said they had. I'm betting they were threatened with a lawsuit or a criminal complaint.
Re: (Score:1)
I think what's more likely to happen is parties with a business interest in these technologies paying the presenters off to lay low for a time. If I had found a security flaw, and was offered, say $10,000 to shut my mouth about it, I'd do it. It's going to come out anyway, but the delay might be worth millions of dollars... Especially if they manage to find a fix in that time.
Re: (Score:3, Interesting)
Because when it gets found out, I would not be trusted in the future.
Re:How could a presentation "undermine" security? (Score:5, Insightful)
Not saying it's right...but there are both carrots and sticks, and I have no doubt they are both used.
Re: (Score:2)
Re: (Score:2)
"you're" = you are
Re:How could a presentation "undermine" security? (Score:4, Informative)
While I definitely agree that its very plausible the researchers simply discovered that they goofed, I would also note that there is historical precedent [slashdot.org] for other motivations.
Re: (Score:1)
Re: (Score:1, Insightful)
It's very possible that the whole thing was called off because they didn't want to get treated like
Don't give up so easily (Score:2)
Not only that, but the messengers shouldn't give up so easily. They have a responsibility to disclose their findings instead of letting people rely on insecure solutions, or letting them fall victim to losing control of what their PC can/can't do.
Re: (Score:2)
No, there aren't. If there was an anonymous channel that could be used to disclose security flaws, that channel would be used to anonymously trade music, or movies, or something "even worse" and its supporters would be jailed for enabling it.
Until an anonymous channel is created that doesn't require the support of non-anonymous administrators, there won't be any anonymous way to communicate anything.
Re: (Score:2, Troll)
The TPM is designed to prevent the hardware owner from having access to at least one of the digital keys within it, and thereby to prevent the hardware owner from having control over software running in the "trusted", walled-off mode. It is therefore a DRM chip, not a "security" chip.
"Secure" in the sense you are using is from the key-holders' point of view, lik
(Golf clap) (Score:1)
Clarity (Score:2)
Re: (Score:2)
Re: (Score:2)
Interesting meta-commentary (Score:5, Interesting)
(emphasis mine.) Interesting. First time for such meta-commentary by a slashdot editor? I don't think we ever saw the same for one of Roland Piquepaille's many submissions...
Re: (Score:2)
Now crackers will have an advantage... (Score:5, Insightful)
I don't like the whole [trusted platform module] (TPM) because we consumers are are not trusted in the whole scheme.
But for the few us techies that get this P.O.S. "security" system foisted upon them by their clueless/soldout management, wouldn't be nice to be able to explain why the hacker(s) got through the night before?
Re: (Score:2)
If you see this stuff in your commercial home system, it is mostly because, having spent the money to develop this technology for big c
Hardware companies don't seel to consumers (Score:2)
They have to sell their hardware to Microsoft. Oh, sure Microsoft doesn't pay for it directly-- they get consumers (both free citizens and corporations) to do that for them. However, the hardware companies must please Microsoft if they hope to be able to sell their hardware.
If Microsoft feels they are beset by an upstart operating system, one that does not have the financial or political clout to become "trusted," they may very well demand their suppliers p
Re: (Score:2)
Re: (Score:1)
I seem to recall that they have their electronics on a single PCB board.
I hope it's published anyway (Score:1)
Re: (Score:1)
Re: (Score:3, Informative)
Re: (Score:2)
Re: (Score:3, Informative)
You misunderstand the way the TPM works. TPM chip computes a running checksum of a num
Re: (Score:2)
To all intents and purposes, TPM is just a password embedded into the motherboard. All you have to do is examine the hash function and the expected value, and then you can create something that hashes to the same thing. The hash function probably won
Re: (Score:2)
That would be true if it were local software that was doing the checks. The idea of the TPM is that you can use it to prove to a remote computer, not under your control, that your machine is running "blessed" software. The bank can verify that you're running an OS it's comfortable with. An online DRM system can refuse to hand over the key to decrypt media unless you prove your computer is "uncompromised" (and therefore won't make a copy of either the key or the media). You can virtualize your end, but you
Re: (Score:2)
TPM is beatable. I'd even go so far as to say
Re: (Score:2)
You keep forgetting that each packet is encrypted
Re: (Score:2)
Yes, the software is expecting certain kinds of responses blah blah and you can modify the software to accept other inputs as valid. Except that the software is signed and verified at bootup by the TPM. TPM is a chain of trust sort of thing with the root of that trust buried in a chip filled with crypto and digital signatures. Many (damn near all actually) of the suggestions posted here so far violate that chain of trust and will be spotted by the TPM and a flag thr
Re: (Score:2)
You mean helluva a lot of wires. Since the TPM straddles the whole width of data/address busses. In other words you gotta get a specialized board and stick the TPM onto it, following which you have to know precisely the expected memory access/contents change sequences, all the way from the moment the power switch goes into the "on" position on the PC.
Possible? Sure, but at what cost/effort ratio? Furthermore, no more hacking for the unwashed masses unless you've got one of those special,
Re: (Score:2)
You are wrong. The TPM does both signing of remotely originating certificates and decryption key maintenance. That is one of its chief selling points. The decryption keys generated by the TPM a
Re: (Score:2)
TPM can also be used in one of its modes of operation to do on the fly decryption of any stream, instead of the CPU.
That statement is misleading. The TPM standard only defines on-the-fly asymmetric decryption, i.e. with public/private keys. Symmetric, like AES, operations are not externally accessible.
So you've got a choice if you have a large amount of data to decrypt, like say a movie. Either you use the TPM's asymmetric algorithms and wait forever because they are so slow, or you use symmetric algorithms like AES outside the TPM and in the host and just the TPM for key mgmt. That's the approach that a system like
Re: (Score:2)
Not if the AES key is generated per-session, and the contents is encrypted with that session-unique key, based on random tokens supplied by the other end of the connection
Re: (Score:2)
Re: (Score:2)
That depends. There are two obvious ways to make it very difficult: a) demand an online connection to initiate viewing of contents and then send random tokens, not to mention that this will allow the "contents owner" to be able to spy on the poor sod otherwise known as the "consume
Conspiracy shmiracy (Score:5, Insightful)
Probably realized... (Score:3, Insightful)
Correct me if I am wrong, but if someone adds something like this to a remote execution virus, they can install a virtual machine underneath Windows (any version) and have access to all data, including encrypted volumes?
Nah... I'm just paranoid.
Re: (Score:3, Interesting)
So really... (Score:5, Funny)
...more of a dark gray hat then.
Give it time (Score:2, Insightful)
Re: (Score:2)
* Didn't actually work like they said
* Wanted to make some cash-ola on the "sploit"
Big Corporate Illuminati paid them off.
* Found dead after listening Cowboy Neal drone on and on and on and on...
Your choice.
it never existed in the first place. (Score:2)
Scheduled during the Black Hat USA 2007 event, the event's briefing promised to break the Trusted Computing Group's module, as well as Vista's Bitlocker. Live demos were to be included. The presenters pulled the event, and have no interest in discussing the subject any more.
Maybe because it never existed?
1.Announce you're going to present how to break Vista / TCM
2.Collect $$$$ from registrations
3.Claim the presentation is "cancelled"
4.Profit!
Re: (Score:2)
I would give the benefit of the doubt to them.
Nitin and Vipin Kumar are the creators of VBootkit (Score:5, Informative)
Re:Nitin and Vipin Kumar are the creators of VBoot (Score:1)
Paid off? (Score:2)
Occam's razor (Score:2)
Seriously. Keep the conspiracy low.
Re: (Score:2)
You're going to slit your throat holding your razor backwards like that.
The first obviously takes fewer assumptions. MS and various other companies have demonstrated repeatedly that that is *exactly* how they do business on a regular basis. So the only a
Re: (Score:2)
Assumption: MS using legal muscle or threats to quench information about faulty TPA.
Effect of exposure: MS getting flak from the community. Ok, doesn't faze them as we know. MS getting flak from the content providers relying on TPA. Would hurt them seriously more.
Risk of exposure: High, a lot of people would actual
Re: (Score:2)
Personally, I go with the third assumption. It makes the most sense.
No, it really doesn't.
The first choice you listed takes no real assumptions at all. We *know* that that is *exactly* what MS does in these situations, hence not only is it perfectly reasonable to assume they'd keep doing what they always do, it is the default assumption when dealing with them about anything.
Now, it's perfectly possible that the third choice is actually correct, but you will never get there using the information available pl
rings a bell (Score:2)
Wasn't there some movie about this? Nitin and Kumar go to Black Hat, or some such?
Yeah... (Score:2)
Vendors want TPM, not consumers. (Score:4, Insightful)
Re: (Score:1)
Re: (Score:3, Informative)
I do want a trusted computing platform. That's because I know how they work, and you don't. You think it limits what code you can run and takes away your anonymity. But those are all lies, fed to you by opponents of the technology, which you have blindly accepted
Re: (Score:2)
I'm all for more security. I just don't think this is the right way to go about it, and all I can see it realistically being used for is fo
Re: (Score:3, Insightful)
How can you object to people attesting to things? People attest to things all the time. Do you get up in arms over the Good Housekeeping Seal of Approval? Do you insist that it is an infringement on your freedom that you can't use their Seal dishonestly in business?
Or how about the Verisign root CA key? This is the foundation for SSL security on the net. Do y
Re: (Score:3, Insightful)
Because in this case, attestation means requiring a specific set of applications. If you are not using exactly the applications required by a particular service, you'll be locked out of that service. Bad for free software, bad for the free market, bad for the customer, but great for application vendors who can win themselves "trusted" status!
No, that's not what it means. Attestation does not mean requiring a specific set
Re: (Score:2)
Because, as I explained, the point of the TPM is to be an autonomous agent whose statements can be trusted. If you had access to the TPM's keys, you could get it to lie for you, that is, you could lie on its behalf. That would make its statements useless as they would have no truth value, and would eliminate the whole purpose of the technology.
You might as well ask why you can't hav
Re: (Score:2)
Out with it, then. What are these reasons?
How about this for starters: Securing Peer-to-Peer Networks using Trusted Computing [rhul.ac.uk] (Google cache) [64.233.167.104]. This technology can make P2P networks much more immune to attack and surveillance from outside, protecting the privacy and anonymity of participants.