|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Pete Herzog (pete
isecom.org)
Date: Tue Jul 03 2007 - 08:47:44 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi,
Following the thread about the BH US presentation on the TPMkit
(http://www.nvlabs.in/?q=node/32) being canceled, the discussion has
entered on the internal list now at www.opentc.net. The idea there is to
build a secure and trusted system using the TPM, virtualization, and open
source software. A good portion of that process requires security testing
of all trusted system components including the TPM software. So talk of
such things like the TPMkit are apt to pop up.
Apparently, there is a TPM attack at the boot process and from the opentc
mailing list the following papers are mentioned:
https://www.cosic.esat.kuleuven.be/publications/article-591.pdf
http://os.inf.tu-dresden.de/papers_ps/kauer07-oslo.pdf
So there is definite truth behind the proposed concept unfortunately it was
already public knowledge. Maybe they had something else in mind? What
makes me suspicious is the pop-star-like hype of their announcement about
TPMkit equating the TPM to DRM in an attempt to make a flashier announcement.
Sincerely,
-pete.
--
Pete Herzog - Managing Director - peteisecom.org
ISECOM - Institute for Security and Open Methodologies
www.isecom.org - www.osstmm.org
www.hackerhighschool.org - www.isestorm.org
_______________________________________________
Dailydave mailing list
Dailydavelists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]