Dailydave mailing list archives
RE: A continual revolution
From: "Gage" <12gage () comcast net>
Date: Sun, 19 Jun 2005 11:23:55 -0400
Dave Aitel <dave () immunitysec com> on June 17th wrote: " One thing I have noticed despite the ongoing termoil is that Microsoft has been quietly asking for and getting encrypted channels to the screen and the USB ports. In case anyone wondered why that was, it's because Palladium requires signed and encrypted channels to your keyboard, mouse, display, and audio card. When a dialog box comes up from Palladium, it has to have your password/shared-secret in the border around it, or you will know it's not from your Pd chip. To do this, all input and output has to be able to be run through your OS without your OS being able to manipulate it. Does that make sense? I just think it's important to note that while everyone thinks Pd is dead, in reality, it's very much alive. Apple, of all companies, is reportedly using early Pd functionality to prevent you from installing Mac OS X on non-Apple boxes." ------------------------------------- My take: The problem is really BEFORE the encryption is initiated, which is the time the user depresses the keyboard and the time that the data (input key from the keyboard), is passed to the encryption algorithm. It is pretty simple with a system-wide O/S intercept, including the keyboard, to intercept the keyboard chip and know what key was depressed on the keyboard. I have sent an example article, with a quote from the article: "Alas, this is not a strong argument for the scheme, because, as described in a recent PC Magazine article, it is relatively simple to embed a keystroke sniffer entirely within a keyboard ahead of the encryption circuitry. Nor will software sniffers be impossible to produce, unless Microsoft sees fit to prohibit any and all monitoring, remote control, or remote administration software -- including its own! -- from being deployed on the new platform." http://www.extremetech.com/article2/0,3973,264904,00.asp In summary, unless Microsoft decides that no security software will work, including their own, then they must continue to provide (document) ways to intercept activity. Happy Father Day to those Dad's out there!!! Gage _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- A continual revolution Dave Aitel (Jun 17)
- Re: A continual revolution Florian Weimer (Jun 17)
- <Possible follow-ups>
- RE: A continual revolution Thor Larholm (Jun 17)
- RE: A continual revolution Gage (Jun 19)
- Re: RE: A continual revolution Blue Boar (Jun 19)
- Re: RE: A continual revolution Rodney Thayer (Jun 19)
- Re: RE: A continual revolution Blue Boar (Jun 19)