Dailydave mailing list archives
Re: "The organization I belong to doesn't have initals"(that evil dude in Heroes)
From: Dave Aitel <dave () immunityinc com>
Date: Thu, 16 Nov 2006 10:07:34 -0500
dan () geer org wrote:

| I think the real point here is that the majority of people responsible
| for security have a backwards mindset. Most security practitioners
| still don't make the assumption that everything is vulnerable and
| design around it. Of course IIS is vulnerable to an unpublished 0day.

so, should one write apps with the assumption that they will be running on compromised hosts?

--dan

Which is exactly what a full Palladium install is. The hardware separates processes from the OS in such a way that although the OS can manage your process, it can't read your GPG secret key. The wacky thing is, not only can you authenticate a process this way, but the hypervisor can authenticate over the network too, which means you can authenticate to www.buycrappymusic.com that you are running a completely unmodified audio player which is spitting encrypted sound all the way to the speakers.

So there's both good and bad here.

GOOD: Attacker with SYSTEM can't get my GPG key or read my email.
BAD: RIAA owns me.
GOOD: Thieves can't get my credit card off my laptop.
BAD: I can't do forensics on the laptop because thief has encrypted his process memory. :>

-dave