Trusted Computing Not So Trustworthy
from the but-of-course... dept
As pretty much anyone in computer security recognizes, any bit of "secure" computing is only secure for a limited period of time. Eventually, the security will be cracked. Yet, we still keep hearing about expectations for some new technologies to solve all our security problems. For example, we've been hearing for years about the wonders of "trusted computing," which basically gets mocked every time some company tries to roll it out (which is why it's gone through five or six name changes over the years). The latest news is that Intel's implementation of a trusted computing offering, called Trusted Execution Technology, has security vulnerabilities that allow it to be circumvented. In other words, it's not trustworthy, nor secure. Of course, it's not widely used, either, so it's not a big deal. But, once again, there is no magic bullet for security that solves all security problems.Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: security, trusted computing, vulnerabilities
Companies: intel
Reader Comments
Subscribe: RSS
View by: Time | Thread
Whose security are they attempting to protect ?
This is just another in a series of sad excuses for taking away any remaining rights you thought you still had.
[ link to this | view in thread ]
Here's one way of easy way of secure computing:
[ link to this | view in thread ]
How to make a computer truely secure.
Step 2. Mix 10 bags of reddi-mix concrete with water.
Step 3. Place computer in bottom of form sitting on a slab of concrete 2 inches thick.
Step 4. Pour reddi-mix.
Step 5. Wait 24 hours.
You now have a secure computer!
[ link to this | view in thread ]
How to make a computer truely secure. (ammendum)
The alternative!
Step 1. Give it to me.
Step 2. Forget it ever existed.
Muhahahaha!
[ link to this | view in thread ]
Re: How to make a computer truely secure.
[ link to this | view in thread ]
Never touch a computer.
[ link to this | view in thread ]
Security My A$$
As for the end user, the only use case that I have heard of in real life involves using these kinds of security modules as part of a whole-drive encryption scheme. Which sounds good, but I dislike the fact that the encryption happens inside a black box, where the actual cipher key is not known (and is not supposed to be knowable) to the end user. To me, that just means that I would need to keep a separate (encrypted) copy of anything and everything on the drive, since I have no way to recover the data should the trust module experience an operational failure. Good backups are of course a part of overall data security as well, but the 'black box' aspect of how these systems work gives me, a certified information security professional, less confidence rather than more in the system as a whole.
[ link to this | view in thread ]
Re: Whose security are they attempting to protect ?
[ link to this | view in thread ]
[ link to this | view in thread ]
Trusted Computing == Oxymoron
The TC proponents want your computing to be trusted to not do anything with their content that you have not paid for. It's that simple, but as always, you have to ask - What could possibly go wrong ?
Any way you look at it, this attempt is doomed to failure.
Oh, and one more thing. There is one more piece to the puzzle which Pinky and the Brain need in order to take over the world. They need to outlaw any platform that does not meet their specifications.
[ link to this | view in thread ]
"Trusted" Computing
[ link to this | view in thread ]
Real Security
Then have 0 internet access and put it in a secure room since physical security isn't usually a problem if it is implemented correctly. You could combine IR, Audible, and laser intruder detection then have a hard 30 minute boot up time. All this inside a continuously occupied building with armed security.
Then all you have to worry about is someone faking the credentials to get into the computer room and not being found out for 30 minutes. And that shouldn't be too hard to accomplish.
[ link to this | view in thread ]
Computer security will never be secure in a consumer market
There will always be smart competitors who sell systems equally good, but without the security and at a lower price, and consumers will choose that product.
[ link to this | view in thread ]
Re: "Trusted" Computing
[ link to this | view in thread ]
Re: Real Security
[ link to this | view in thread ]
Not perfect, as no security technology ever will be. But these are the steps needed to protect in an enterprise environment, heavily regulated industry, etc. For folks worried about DRM, understandable concern but there will ALWAYS be options without embedded hardware encryption to choose for personal use, so take an extra look at what you're buying before you purchase a new laptop, etc.
[ link to this | view in thread ]