Posted on 08/22/2013 8:19:40 AM PDT by aMorePerfectUnion
"I reported that Windows 8 was dangerous. Some wrote to argue I was wrong. I wrote why NASA announced it was dumping Windows 8 and that even Skype should not be used. Microsoft has been criticized for the Prism affair."
"Now appears that Windows 8 is especially dangerous. The German government warns against Microsoft program because it has the ability to control the hardware and software of the computer. The NSA can enter you computer remotely. Has Microsoft created economic suicide?"
(Excerpt) Read more at armstrongeconomics.com ...
Yes that would be fine for me, but not for my husband. :)
Time for an upgrade?
};^P>
We could have fun with it if we knew how to catch it.
We could play with it because we wouldn’t want our government minders getting bored, because when government minders get bored their minds wander and they get “creative”.
I would call my little “sub-routine” as Wesley Crusher might call it, the Holodeck.
lol
The channel used to transmit the password to the TPM authenticator is the same secure channel used for communications. Direct interception isn’t possible. They could use a keylogger, but then there are larger security problems if someone has a keylogger on their system.
Also, the TPM is enabled and active during the entirety of the session. Accessing the TPM while the system is offline is not possible. Accessing the TPM while the system is asleep is technically possible, but the channels to get to the TPM on an S3 motherboard are not usually open.
TPM stands for Trusted Platform Module for a reason. It’s intended to act as a non-repudiation and platform authenticity modality. If two-factor authentication is used in your environment (i.e. cert and password), this is just another form of authentication of a platform on a network or system.
The Holderdeck?
If Microsoft is giving away their salt and hash algorithms, they will be removed from the entire network of PKI providers because they can’t be certified as authentic. This would be business suicide for MS.
Now, if they are salting the TPMs in Win8 with their own salt and hash algorithms, that’s a different story. THAT is a big security concern for anyone using the platform. That’s a big loss of privacy and access to one’s own system. Hence my disdain for Win8 in general.
MS won’t get any more of my money. Not with great Linux OSes like Ubuntu out there now.
A lot can happen in a tenth of a second on a 1 GHz processor.
The user would never notice that the start-up was a bit slow this one time.
Better, do it at a shutdown where winders is installing updates. No one ever knows how long that's going to take!
Okay, you’re talking about at boot time? Well, again, the password would have to be known to pass to the TPM to access it. Also, the TPM is not exclusively reproducible. The hash must accompany the data or it can’t be decrypted.
Now, speaking directly to the article, the problem with Win8 is Secure Boot. Secure Boot completely takes over the EFI boot mechanism. This essentially mates the hardware to the software. With EFI usurped, now the TPM can be activated and locked down by the software install as opposed to the user. THIS is why the Germans want to divest themselves of Win8, and I absolutely cannot blame them.
Listen, I’m not standing up for MS or Win8. I’m standing up for the TPM. It’s great technology and makes cryptology a little bit easier for the home user IF the TPM is managed by the user himself. Since Secure Boot destroys the user’s ability to secure his own bootloader and also destroys his ability to secure his own TPM, Secure Boot, and Windows 8, destroys privacy in general.
If the concern is encryption of PC data -
There are plenty of encryption systems implemented entirely in software, independent of TPM both for encryption and authentication, that permit whatever key lengths you want.
Yes! During boot. We’re starting to converge.
My understanding is that the system knows the password at boot, therefore the snoop knows it, if not at the first attempt, it can remember what password was used on the first genuine boot up for the second snoop try.
What I’m envisioning is roughly the equivalent of a key logger on the tunnel.
Uh. What’s EFI?
Software can be programmed to provide a ne’er-do-well programmer backdoor access to a system. As someone experienced in IT security, I can tell you that we often default to hardware security for a reason. Hardware has to pass through numerous tests for hardening and security. If major industry players certify a piece of hardware as secure, it’s their very reputation on the line. If there’s a backdoor and it’s discovered, that hardware becomes a liability.
I personally use KeePass and certificates from StartSSL for my personal security, but I can’t understate the importance of a platform security methodology, and that’s the purpose of a TPM.
EFI or UEFI is the up-and-coming replacement for the BIOS. It’s essentially flash memory on the mainboard with a bootloader on it. My 5 year old ASUS motherboard has both BIOS and UEFI. I can turn off UEFI or bypass it, and I do, but many systems nowadays have UEFI BIOS built in.
What does this facilitate? Well, it’s faster than BIOS. It’s also less precarious to flash upgrades. And if your hard drive ever goes tango-uniform, the UEFI can utilize your system and boot into a stripped-down Linux OS to get you online for troubleshooting. It’s not feature-rich, but it works.
The problem with Win8’s Secure Boot is that it locks down the UEFI chip. You are locked out of your own BIOS. In the past, manufacturers would flash your BIOS chip with a proprietary bootloader, and you’d be hamstrung on what settings could be changed. With the UEFI, they can load whatever they want into the BIOS and lock you out of it altogether. That’s what Secure Boot does. Thus, it eliminates your ability to wipe the disk and install Linux or use GRUB to dual-boot. Think about that: if you want to use your machine for something OTHER than Windows, you can’t. That pisses me off, personally.
So that’s really the convergence here. UEFI + TPM being taken over means you have no control or rights to the hardware you own. That’s why the Germans are pissed. I can’t blame them.
Apple is what I use.
There are people who enjoy driving, and there are people who enjoy tinkering under the hood. Apple is for the first group...
Major players in software encryption are no less dependent on reputation.
And many are from very major players, such as Intel and Dell. Everybody has been buying up security companies.
Do you understand the root process of encryption systems? The TPN algorithm is most likely a product of a root encryption system. IOW, all keys generated by a TPM can be unlocked by the root system. And it’s likely proactive. The TPM device with a new key probably ‘checks in’ with the root when a new key is created, retaining decryption of the TPM system.
Doesn’t really work that way. It’s a non-volatile flash module. That means regardless of its power state, the data is saved, much like a USB thumb drive.
And even if you could flash it/reformat it, once you do, you invalidate your copy of Win8. Oh darn, right?
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.