[Dailydave] "The organization I belong to doesn't have initials" (that evil dude in Heroes)
Dave Aitel
dave at immunityinc.com
Thu Nov 16 15:07:34 Local tim 2006
dan at geer.org wrote:
> | I think the real point here is that the majority of people responsible
> | for security have a backwards mindset. Most security practitioners
> | still don't make the assumption that everything is vulnerable and
> | design around it. Of course IIS is vulnerable to an unpublished 0day.
>
>
> so, should one write apps with the assumption that
> they will be running on compromised hosts?
>
> --dan

Which is exactly what a full Palladium install is. The hardware
separates processes from the OS in such a way that although the OS can
manage your process, it can't read your GPG secret key. The wacky
thing is, not only can you authenticate a process this way, but the
hypervisor can authenticate over the network too, which means you can
authenticate to www.buycrappymusic.com that you are running a
completely unmodified audio player which is spitting encrypted sound
all the way to the speakers.

So there's both good and bad here. GOOD: Attacker with SYSTEM can't
get my GPG key or read my email. BAD: RIAA owns me. GOOD: Thieves
can't get my credit card off my laptop. BAD: I can't do forensics on
the laptop because thief has encrypted his process memory. :>

-dave