Educause Security Discussion mailing list archives
Re: [Possible Spam] Re: New Internet for Security
From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Tue, 17 Feb 2009 15:39:54 -0500
On Tue, 17 Feb 2009 13:08:45 EST, Dennis Meharchand said:
For patch upgrades our chip can be put into an update mode where changes (patches) are kept allowing the changes to be tested. Changes are actually kept on a Change area of the hard disk drive - not immediately written into the secure area. If all is well the changes can be permanently applied into the secure area (Backed Up).
Which doesn't stop a miscreant from saying "I'm Administrator, I'm applying these changes, I'm approving these changes onto the secured area. KTHXBY." Phrased differently, how does your chip know it's talking to a *real* Administrator running with associated privs, as opposed to a subverted process that happens to be running with the same privs? (Note well that it could very well be *the same process* - the first time around a browser hitting windowsupdate.microsoft.com for legitimate patches, the second time around the *same* instance of the browser, but now being hijacked by a drive-by download).
Attachment:
_bin
Description:
Current thread:
- Re: [Possible Spam] Re: New Internet for Security Dennis Meharchand (Feb 17)
- <Possible follow-ups>
- Re: [Possible Spam] Re: New Internet for Security Valdis Kletnieks (Feb 17)