Dailydave mailing list archives
RE: A continual revolution
From: "Gage" <12gage () comcast net>
Date: Sun, 19 Jun 2005 11:23:55 -0400
Dave Aitel <dave () immunitysec com> on June 17th wrote:
" One thing I have noticed despite the ongoing termoil is that Microsoft has
been quietly asking for and getting encrypted channels to the screen and the
USB ports. In case anyone wondered why that was, it's because Palladium
requires signed and encrypted channels to your keyboard, mouse, display, and
audio card. When a dialog box comes up from Palladium, it has to have your
password/shared-secret in the border around it, or you will know it's not
from your Pd chip. To do this, all input and output has to be able to be run
through your OS without your OS being able to manipulate it. Does that make
sense? I just think it's important to note that while everyone thinks Pd is
dead, in reality, it's very much alive. Apple, of all companies, is
reportedly using early Pd functionality to prevent you from installing Mac
OS X on non-Apple boxes."
-------------------------------------
My take:
The problem is really BEFORE the encryption is initiated, which is
the time the user depresses the keyboard and the time that the data (input
key from the keyboard), is passed to the encryption algorithm. It is pretty
simple with a system-wide O/S intercept, including the keyboard, to
intercept the keyboard chip and know what key was depressed on the keyboard.
I have sent an example article, with a quote from the article:
"Alas, this is not a strong argument for the scheme, because, as
described in a recent PC Magazine article, it is relatively simple to embed
a keystroke sniffer entirely within a keyboard ahead of the encryption
circuitry. Nor will software sniffers be impossible to produce, unless
Microsoft sees fit to prohibit any and all monitoring, remote control, or
remote administration software -- including its own! -- from being deployed
on the new platform."
http://www.extremetech.com/article2/0,3973,264904,00.asp
In summary, unless Microsoft decides that no security software will work,
including their own, then they must continue to provide (document) ways to
intercept activity.
Happy Father Day to those Dad's out there!!!
Gage
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- A continual revolution Dave Aitel (Jun 17)
- Re: A continual revolution Florian Weimer (Jun 17)
- <Possible follow-ups>
- RE: A continual revolution Thor Larholm (Jun 17)
- RE: A continual revolution Gage (Jun 19)
- Re: RE: A continual revolution Blue Boar (Jun 19)
- Re: RE: A continual revolution Rodney Thayer (Jun 19)
- Re: RE: A continual revolution Blue Boar (Jun 19)