#trustedcomputing — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #trustedcomputing, aggregated by home.social.
-
if you're working on trusted computing at a tech company, know i'll be very mad at you in 20 years when we won't be able to buy real computers anymore and we'll have to either rent a shitty vps from azure or go tear down whatever 2020s era iot devices are still left to steal their MCUs
don't make stuff you know will be used against humanity pretty please
-
@lug_nuernberg Great Meme 🫶 #TPM2 was a child once - for a better understanding, may I add this great animation to your thread? I think it's worth viewing ❤️
https://youtu.be/mLoIcdIu_Kk?si=YULJHV9WXf56U_OZ
#trustedcomputing #tcpa -
À voir! B. Stephan & Lutz Vogel alertent sur l'« informatique de confiance » : un concept qui pourrait servir à mieux nous contrôler. Vidéo percutante pour comprendre les enjeux et défendre nos libertés numériques. #TrustedComputing #InformatiqueDeConfiance #Surveillance #Privacy #LibertésNumériques #Framasoft #PeerTube #French
https://tube.pmj.rocks/videos/watch/d39bb29c-60ec-4c10-a8d9-9beae0c6f3a0 -
How One 1990s Browser Decision Created Big Tech’s Data Monopolies (And How We Might Finally Fix It)
-
Bellissimo 👍
Ma per avere una qualche forma di penetrazione nei media nostrani, IMHO, andrebbe tradotto e soprattutto doppiato in italiano (e poi in ogni lingua, ovviamente)
Faccio un esempio pratico: la (bella) campagna sul #trustedComputing (tra l'altro argomento ancora valido)
E' stato fatto un video e poi doppiato in ogni lingua. Eccolo in italiano
-
Solo dal 2023 l'AI è diventata parte del discorso di tutti: il suo utilizzo, l'addestramento con nostri dati, le opposizioni ecc.
Ma ogni tanto mi piace condividere ciò che succedeva già 17 anni fa, che ha posto le basi per tutto ciò, ma che in pochi tenevano in considerazione
-
EU to Apple: “Let Users Choose Their Software”; Apple: “Nah”
https://www.eff.org/deeplinks/2024/10/eu-apple-let-users-choose-their-software-apple-nah
#DigitalServicesAct #TrustedComputing #EUPolicy #BigTech #DRM
-
And, once again, "trusted computing" should not be trusted…
L. Wilke et al, "TDXdown: Single-Stepping and Instruction Counting Attacks against Intel TDX"¹
[…]
Intel recently launched Intel TDX, its second generation TEE, which protects whole virtual ma- chines (VMs). To minimize the attack surface to side-channels, TDX comes with a dedicated single-stepping attack countermeasure.
In this paper, we systematically analyze the single-stepping coun- termeasure of Intel TDX and show, for the first time, that both, the built-in detection heuristic as well as the prevention mechanism, can be circumvented. We reliably single-step TDX-protected VMs by deluding the TDX security monitor about the elapsed processing time used as part of the detection heuristic. Moreover, our study reveals a design flaw in the single-stepping countermeasure that turns the prevention mechanism against itself: An inherent side- channel within the prevention mechanism leaks the number of instructions executed by the TDX-protected VM, enabling a novel attack we refer to as StumbleStepping. Both attacks, single-stepping and StumbleStepping, work on the most recent Intel TDX enabled Xeon Scalable CPUs.Using StumbleStepping, we demonstrate a novel end-to-end at- tack against wolfSSL’s ECDSA implementation, exploiting a con- trol flow side-channel in its truncation-based nonce generation algorithm. We provide a systematic study of nonce-truncation im- plementations, revealing similar leakages in OpenSSL, which we exploit with our single-stepping primitive. Finally, we propose de- sign changes to TDX to mitigate our attacks.
[…]
#TDX #TrustedComputing #Intel
__
¹ https://uzl-its.github.io/tdxdown/ -
I feel like a #TPM should have a little tag on it that tells people what it does; "If you disconnect me from this computer all the data on it becomes unreadable. Pull in case of cops. Pull and destroy!"
#trustedComputing #encryption #uefi #cryptography #security #infosec
-
You likely use the #InternetofThings (#IoT) each day for work, school, or leisure - but do you know how to safeguard the devices you use within it from #digitalthreats?
#Dataprivacy and #digitalsecurity skills can be for everyone! Learn how to stay protected in the article by #Cybersecurity Expert Simone Bertulli:
#LPI #SecurityEssentials #malware #openstandards #attestation #Linux #bluebugging #TrustedComputing #cryptography #tech
-
How Windows uses the TPM | Windows Security | Microsoft Learn
A really nice, clear overview of trusted platform modules:
https://learn.microsoft.com/en-us/windows/security/hardware-security/tpm/how-windows-uses-the-tpm
-
CW: Long thread/5
#20yrsago First corporate sponsorship for an #MMORPG guild https://web.archive.org/web/20040426073811/https://www.warcry.com/scripts/columns/view_sectionalt.phtml?site=15&id=108&colid=1675
#20yrsago More non-evil #SocialNetwork ideas https://web.archive.org/web/20040217043710/http://www.ambiguous.org/archive.php3/2004/01/30#quinn2004130.1
#20yrsago When #SpamFilters attack https://web.archive.org/web/20040529003653/https://www.oblomovka.com/entries/2004/01/30#1075490400
#20yrsago Mobile interface myths https://web.archive.org/web/20040205050015/https://www.acm.org/chapters/chi-sqrd/meetings/20040310.html
#20yrsago Totalitarian #TrustedComputing https://web.archive.org/web/20040205084716/http://costik.com/weblog/2004_01_01_blogchive.html#107547544736650899
#20yrsago Your customers don’t want #DRM, part MMMCCXI https://www.wired.com/2004/01/stores-nix-disposable-flicks/
5/
-
#CyberSecurity #TrustedComputing: "After all, a system that treats the device's owner as an adversary is a natural ally for the owner's other, human adversaries. The rubric for treating the owner as an adversary focuses on the way that users can be fooled by bad people with bad programs. If your computer gets taken over by malicious software, that malware might intercept queries from your antivirus program and send it false data that lulls it into thinking your computer is fine, even as your private data is being plundered and your system is being used to launch malware attacks on others.
These separate, non-user-accessible, non-updateable secure systems serve a nubs of certainty, a remote fortress that observes and faithfully reports on the interior workings of your computer. This separate system can't be user-modifiable or field-updateable, because then malicious software could impersonate the user and disable the security chip.
It's true that compromised computers are a real and terrifying problem. Your computer is privy to your most intimate secrets and an attacker who can turn it against you can harm you in untold ways. But the widespread redesign of out computers to treat us as their enemies gives rise to a range of completely predictable and – I would argue – even worse harms. Building computers that treat their owners as untrusted parties is a system that works well, but fails badly." https://pluralistic.net/2024/01/18/descartes-delenda-est/#self-destruct-sequence-initiated
-
CW: Long thread/6
I know it's weird to be worried about realism in movies that pretend we will find a practical means to visit other star systems and shuttle between them (which we are very, very unlikely to do):
https://pluralistic.net/2024/01/09/astrobezzle/#send-robots-instead
But this kind of foolishness galls me. It galls me more when it happens in the *real* world of technology design, which is why I've spent the past quarter-century being *very cross* about #DigitalRightsManagement in general, and #TrustedComputing in particular.
6/
-
CW: Long thread/6
I know it's weird to be worried about realism in movies that pretend we will find a practical means to visit other star systems and shuttle between them (which we are very, very unlikely to do):
https://pluralistic.net/2024/01/09/astrobezzle/#send-robots-instead
But this kind of foolishness galls me. It galls me more when it happens in the *real* world of technology design, which is why I've spent the past quarter-century being *very cross* about #DigitalRightsManagement in general, and #TrustedComputing in particular.
6/
-
CW: Long thread/6
I know it's weird to be worried about realism in movies that pretend we will find a practical means to visit other star systems and shuttle between them (which we are very, very unlikely to do):
https://pluralistic.net/2024/01/09/astrobezzle/#send-robots-instead
But this kind of foolishness galls me. It galls me more when it happens in the *real* world of technology design, which is why I've spent the past quarter-century being *very cross* about #DigitalRightsManagement in general, and #TrustedComputing in particular.
6/
-
CW: Long thread/6
I know it's weird to be worried about realism in movies that pretend we will find a practical means to visit other star systems and shuttle between them (which we are very, very unlikely to do):
https://pluralistic.net/2024/01/09/astrobezzle/#send-robots-instead
But this kind of foolishness galls me. It galls me more when it happens in the *real* world of technology design, which is why I've spent the past quarter-century being *very cross* about #DigitalRightsManagement in general, and #TrustedComputing in particular.
6/
-
CW: Long thread/6
I know it's weird to be worried about realism in movies that pretend we will find a practical means to visit other star systems and shuttle between them (which we are very, very unlikely to do):
https://pluralistic.net/2024/01/09/astrobezzle/#send-robots-instead
But this kind of foolishness galls me. It galls me more when it happens in the *real* world of technology design, which is why I've spent the past quarter-century being *very cross* about #DigitalRightsManagement in general, and #TrustedComputing in particular.
6/
-
CW: Long thread/4
#20yrsago #SCO sends IBM 1,000,000 pieces of paper https://memex.craphound.com/2003/12/10/sco-sends-ibm-1000000-pieces-of-paper/
#20yrsago #UrbanFarmers reclaim #Detroit https://www.nytimes.com/2003/12/04/garden/in-the-capital-of-the-car-nature-stakes-a-claim.html
#20yrsago @stevenlevy on #TrustedComputing https://web.archive.org/web/20031212101452/http://www.msnbc.com/news/998345.asp
#20yrsago London #TubeMap, remixed https://memex.craphound.com/2003/12/11/london-tube-map-remixed/
#20yrsago Transformation from the Internet as a subset of telecom to telecom as a subset of the Internet https://web.archive.org/web/20040202211357/https://werbach.com/blog/2003/12/11.html#a1334
4/
-
CW: Long thread/4
#20yrsago #SCO sends IBM 1,000,000 pieces of paper https://memex.craphound.com/2003/12/10/sco-sends-ibm-1000000-pieces-of-paper/
#20yrsago #UrbanFarmers reclaim #Detroit https://www.nytimes.com/2003/12/04/garden/in-the-capital-of-the-car-nature-stakes-a-claim.html
#20yrsago @stevenlevy on #TrustedComputing https://web.archive.org/web/20031212101452/http://www.msnbc.com/news/998345.asp
#20yrsago London #TubeMap, remixed https://memex.craphound.com/2003/12/11/london-tube-map-remixed/
#20yrsago Transformation from the Internet as a subset of telecom to telecom as a subset of the Internet https://web.archive.org/web/20040202211357/https://werbach.com/blog/2003/12/11.html#a1334
4/
-
CW: Long thread/4
#20yrsago #SCO sends IBM 1,000,000 pieces of paper https://memex.craphound.com/2003/12/10/sco-sends-ibm-1000000-pieces-of-paper/
#20yrsago #UrbanFarmers reclaim #Detroit https://www.nytimes.com/2003/12/04/garden/in-the-capital-of-the-car-nature-stakes-a-claim.html
#20yrsago @stevenlevy on #TrustedComputing https://web.archive.org/web/20031212101452/http://www.msnbc.com/news/998345.asp
#20yrsago London #TubeMap, remixed https://memex.craphound.com/2003/12/11/london-tube-map-remixed/
#20yrsago Transformation from the Internet as a subset of telecom to telecom as a subset of the Internet https://web.archive.org/web/20040202211357/https://werbach.com/blog/2003/12/11.html#a1334
4/
-
CW: Long thread/4
#20yrsago #SCO sends IBM 1,000,000 pieces of paper https://memex.craphound.com/2003/12/10/sco-sends-ibm-1000000-pieces-of-paper/
#20yrsago #UrbanFarmers reclaim #Detroit https://www.nytimes.com/2003/12/04/garden/in-the-capital-of-the-car-nature-stakes-a-claim.html
#20yrsago @stevenlevy on #TrustedComputing https://web.archive.org/web/20031212101452/http://www.msnbc.com/news/998345.asp
#20yrsago London #TubeMap, remixed https://memex.craphound.com/2003/12/11/london-tube-map-remixed/
#20yrsago Transformation from the Internet as a subset of telecom to telecom as a subset of the Internet https://web.archive.org/web/20040202211357/https://werbach.com/blog/2003/12/11.html#a1334
4/
-
CW: Long thread/4
#20yrsago #SCO sends IBM 1,000,000 pieces of paper https://memex.craphound.com/2003/12/10/sco-sends-ibm-1000000-pieces-of-paper/
#20yrsago #UrbanFarmers reclaim #Detroit https://www.nytimes.com/2003/12/04/garden/in-the-capital-of-the-car-nature-stakes-a-claim.html
#20yrsago @stevenlevy on #TrustedComputing https://web.archive.org/web/20031212101452/http://www.msnbc.com/news/998345.asp
#20yrsago London #TubeMap, remixed https://memex.craphound.com/2003/12/11/london-tube-map-remixed/
#20yrsago Transformation from the Internet as a subset of telecom to telecom as a subset of the Internet https://web.archive.org/web/20040202211357/https://werbach.com/blog/2003/12/11.html#a1334
4/
-
You get subjected to draconian tech like #DRM, #TrustedComputing, #RemoteAttestation and #PartsPairing in the name of protecting IP. What about your IP? The code you write, the paintings you make and even your online comments get fed into #AI and reproduced wholly or in part elsewhere, in the name of #fairuse. What is common to these seemingly contradictory, if not hypocritical measures? Those who promote it have the money to deploy them in mass and fight you in court if you challenge them.
-
CW: Long thread/4
#20yrsago #OwnerOverride: a proposal to fix #TrustedComputing https://www.linuxjournal.com/article/7055
#10yrsago #RobFord stripped of powers https://www.thestar.com/news/gta/city-hall/rob-ford-councillors-strip-mayor-of-certain-powers/article_c531a981-ab9a-5818-abef-83dc0ba6cf89.html
#5yrsago #GildedAge watch: America’s firefighting is turning into a two-tier system, with private services for the 1% https://www.theatlantic.com/technology/archive/2018/11/kim-kardashian-kanye-west-history-private-firefighting/575887/
#5yrsago One year later: kids #SmartWatches are still a privacy and security dumpster fire https://www.pentestpartners.com/security-blog/consumer-advice-kids-gps-tracker-watch-security/
4/
-
Es gibt einen Angriff gegen die #AMD Speicherverschlüsselung. Damit sollte #TrustedComputing in der #Cloud schwer angezaehlt sein.
-
BIOS update went off without a hitch!
Except I had to disable the firmware trusted computing module and reenter my Bitlocker key because I just *had* to install a real TCM
I really like #Gigabyte's #Qflash feature. Makes BIOS updates a breeze!
#hardware #pcbuilding #trustedComputing #bios #bitlocker #encryption #motherboard
-
#TrustedComputing needs to fucking die, #WEI may be dead, but TC is alive on most mobile devices, and it's taking hold on desktops once again too.
TC must be illegal.
-
CW: Long thread/5
#20yrsago @eff's #TrustedComputing white-paper https://web.archive.org/web/20031004073707/https://www.eff.org/Infra/trusted_computing/20031001_tc.php
#10yrsago Toronto cops bust Mayor #RobFord’s fixer/muscle/driver/dealer https://www.thestar.com/news/gta/city-hall/mayor-rob-ford-s-friend-sandro-lisi-who-sought-video-one-of-two-arrested-in/article_845c0feb-b9a0-5d1f-a411-aa18a6ddf58e.html
#10yrsago Porno #CopyrightTroll #JohnSteele accused of identity theft — by his mother-in-law https://arstechnica.com/tech-policy/2013/10/prendas-john-steele-accused-of-identity-theft-by-his-own-mother-in-law/
#10yrsago Asteroid named after Randall “#XKCD” Munroe https://blog.xkcd.com/2013/09/30/asteroid-4942-munroe/
#10yrsago HOWTO make $200,000 off of the above-inflation USPS postage hike https://qz.com/128329/a-step-by-step-guide-to-profiting-off-the-3-cent-hike-on-us-postage-stamps
5/
-
This renders also most usecases of #trustedcomputing into the void.
A success attack to #sgx if someone has access to the hardware is exactly the #security threat it should protect from. Important for #cloud and #kubernetes users. Sorry.
Tesla Jailbreak Unlocks Theft of In-Car Paid Features
https://www.darkreading.com/application-security/tesla-jailbreak-unlocks-theft-in-car-paid-features -
Weird take:
SafetyNet being utterly broken actually did more harm than good, because a lot of people have picked up the misconception that TC-like or DRM tech doesn't work and can be easily broken.
It gives you a false confidence in the status quo. It would only take Google flipping a switch to completely nuke this.
They've "fixed" it, the only reason basic attestation is still around is because of older devices and maybe some internal politics, but apps can already require strong attestation.
-
CW: WEI, Trusted Computing, and some counter proposals, long
Something that really bothers me about #WEI and similar things like PAT (assuming good faith of course, which for WEI I can't, because why would it exist if PAT is a better designed system) is that if these big corporations really wanted to crack the problem of verifying that a human is making a request in a way that doesn't threaten software freedom, they could!
In fact Cloudflare's proposal to use Webauthn for this was already much better. The key (pun totally intended) is separation of responsibilities. The part of the hardware that does the attestation must be physically incapable of making assertions about your boot state or software stack in general.
And any verification of software integrity? That's for the user, you must design the firmware in a way that can notify the user if anything is changed. This isn't too crazy with how complicated firmware already is on modern devices, and it already exists.
-
https://www.linuxjournal.com/article/7055
Dated 2003.
I was less than 1 year old when this was written, and yet it couldn't be more relevant now that I'm 20.
Here's a quote:
Creating a reliable way for a third party to determine what software you're using is a pernicious project. Today, it's trivial to fool “Internet Explorer only” sites: change how your browser identifies itself, and there is nothing the other end can do. With TCPA's remote attestation, a site that insists on an attestation would receive the whole truth or a highly suspicious “No Comment”.
-
Do #trustedcomputing guys use IPMI/KVM? How do you trust the peripheral buses aren't intercepted?
-
Here’s How The Precursor Protects Your Privacy - At some point, you will find yourself asking – is my device actually running the c... - https://hackaday.com/2022/08/06/heres-how-the-precursor-protects-your-privacy/ #trustedcomputing #handheldshacks #securityhacks #bunniestudios #bunniehuang #betrusted #precursor #bunnie #trust #fpga
-
Here’s How The Precursor Protects Your Privacy - At some point, you will find yourself asking – is my device actually running the c... - https://hackaday.com/2022/08/06/heres-how-the-precursor-protects-your-privacy/ #trustedcomputing #handheldshacks #securityhacks #bunniestudios #bunniehuang #betrusted #precursor #bunnie #trust #fpga
-
CCA-Funktionen schützen Daten im RAM von Servern, Smartphones und Computern selbst vor dem Admin; CCA zielt auf Cloud-Rechenzentren, aber auch Endgeräte. ARM Confidential Compute Architecture: Details zur ARMv9-CCA