RE: Free Rootkit with Every New Intel Machine

2007-07-02 Thread Ian Farquhar \(ifarquha\)
Dave Korn wrote: > Ian Farquhar wrote: >> Maybe I am showing my eternal optimist side here, but to me, this is >> how TPM's should be used, as opposed to the way their backers >> originally wanted them used. A removable module whose connection to a >> device I establish (and can de-establish, a

Re: Free Rootkit with Every New Intel Machine

2007-06-30 Thread David G. Koontz
Looking for TPM enterprise adoption. The current version of TPM was adopted in March o f 2006, which should have limited TPM up take. There's an article in Network World http://www.networkworld.com/allstar/2006/092506-chip-security-papa-gino.html from September 2006 talking about a restaurant ch

Re: Free Rootkit with Every New Intel Machine

2007-06-30 Thread David G. Koontz
http://www.nvlabs.in/?q=node/32 Vipin Kumar of of NVLabs had announced a break of TPM and a demonstration of a break into Bitlocker, (presumably using TPM) to be presented at Black Hat 2007. The presentation has been pulled. Significance to the exchanges on cryptography under this subject stem f

Re: Free Rootkit with Every New Intel Machine

2007-06-27 Thread "Hal Finney"
Peter Gutmann writes: > BitLocker just uses the TPM as a glorified USB key (sealing a key in a TPM is > functionally equivalent to encrypting it on a USB key). Since BitLocker isn't > tied to a TPM in any way (I'm sure Microsoft's managers could see which way > the wind was blowing when they desig

Re: Free Rootkit with Every New Intel Machine (aka TPM, AMT)

2007-06-27 Thread Jeff . Hodges
i'd also scrawled: > my understanding from a person active in the NEA working group [1] (IETF) > is that TPMs these days "come along for free" because they're included on-die > in at least one of said chips. [EMAIL PROTECTED] said: > Check again. A few months ago I was chatting with someone who

Re: Free Rootkit with Every New Intel Machine

2007-06-27 Thread Jacob Appelbaum
Jon Callas wrote: > > On Jun 25, 2007, at 7:23 PM, Matt Johnston wrote: > >> On Mon, Jun 25, 2007 at 04:42:56PM +1200, David G. Koontz wrote: >>> Apple (mis)uses >>> TPM to unsuccessfully prevent OS X from running on non-Apple Hardware. >>> All Apple on Intel machines have TPM, that's what 6 pe

Re: Free Rootkit with Every New Intel Machine

2007-06-26 Thread Jon Callas
On Jun 25, 2007, at 7:23 PM, Matt Johnston wrote: On Mon, Jun 25, 2007 at 04:42:56PM +1200, David G. Koontz wrote: Apple (mis)uses TPM to unsuccessfully prevent OS X from running on non-Apple Hardware. All Apple on Intel machines have TPM, that's what 6 percent of new PCs? To nit pick,

Re: Free Rootkit with Every New Intel Machine

2007-06-26 Thread Alexander Klimov
On Mon, 25 Jun 2007, Hal Finney wrote: > The idea of putting a TPM on a smart card or other removable device is > even more questionable from this perspective. A TPM which communicates > via an easily accessible and tamperable bus is almost useless for the > security concepts behind the Trusted Co

Re: Free Rootkit with Every New Intel Machine

2007-06-26 Thread David G. Koontz
David G. Koontz wrote: > > I picked on one motherboard, a Gigabyte GA-P3-DQ6 which has the 20 pin > header for the IEI TPM pluggable. After an extensive investigation I > found no direct evidence you can actually do as Peter states and roll > your own building a TPM enabled system. That includes

RE: Free Rootkit with Every New Intel Machine

2007-06-26 Thread Dave Korn
On 26 June 2007 00:51, Ian Farquhar (ifarquha) wrote: >> It seems odd for the TPM of all devices to be put on a pluggable module as >> shown here. The whole point of the chip is to be bound tightly to the >> motherboard and to observe the boot and initial program load sequence. > > Maybe I am sh

RE: Free Rootkit with Every New Intel Machine

2007-06-26 Thread "Hal Finney"
Ian Farquhar writes: > [Hal Finney wrote:] > > It seems odd for the TPM of all devices to be put on a pluggable module as > > shown here. The whole point of the chip is to be bound tightly to the > > motherboard and to observe the boot and initial program load sequence. > > Maybe I am showing my

Re: Free Rootkit with Every New Intel Machine

2007-06-26 Thread David G. Koontz
Peter Gutmann wrote: > "David G. Koontz" <[EMAIL PROTECTED]> writes: > >> There are third party TPM modules, which could allow some degree of >> standardization: > > As I said in my previous message, just because they exist doesn't mean they'll > do anything if you plug them into a MB with the ne

Re: Free Rootkit with Every New Intel Machine

2007-06-26 Thread Peter Gutmann
[EMAIL PROTECTED] ("Hal Finney") writes: >The idea of putting a TPM on a smart card or other removable device is even >more questionable from this perspective. It's not just questionable, it's a really, really bad idea. TPMs are fundamentally just severely feature-crippled smart cards. That is,

Re: Free Rootkit with Every New Intel Machine

2007-06-25 Thread Matt Johnston
On Mon, Jun 25, 2007 at 04:42:56PM +1200, David G. Koontz wrote: > Apple (mis)uses > TPM to unsuccessfully prevent OS X from running on non-Apple Hardware. > All Apple on Intel machines have TPM, that's what 6 percent of new PCs? To nit pick, the TPM is only present in some Apple Intel machines

RE: Free Rootkit with Every New Intel Machine

2007-06-25 Thread Ian Farquhar \(ifarquha\)
> It seems odd for the TPM of all devices to be put on a pluggable module as > shown here. The whole point of the chip is to be bound tightly to the > motherboard and to observe the boot and initial program load sequence. Maybe I am showing my eternal optimist side here, but to me, this is how

Re: Free Rootkit with Every New Intel Machine

2007-06-25 Thread "Hal Finney"
David G. Koontz writes: > There are third party TPM modules, which could allow some degree of > standardization: > > http://www.ieiworld.com/en/news_content.asp?id=erbium/projectOBJ00244201&news_cate=News&news_sub_cate=Product > > The IEI TPM module is used in their own motherboards and some VIA >

RE: Free Rootkit with Every New Intel Machine

2007-06-25 Thread Leichter, Jerry
| ...Apple is one vendor who I gather does include a TPM chip on their | systems, I gather, but that wasn't useful for me. Apple included TPM chips on their first round of Intel-based Macs. Back in 2005, there were all sorts of stories floating around the net about how Apple would use TPM to preven

Re: Free Rootkit with Every New Intel Machine

2007-06-25 Thread Peter Gutmann
"David G. Koontz" <[EMAIL PROTECTED]> writes: >There are third party TPM modules, which could allow some degree of >standardization: As I said in my previous message, just because they exist doesn't mean they'll do anything if you plug them into a MB with the necessary header (assuming you have a

Re: Free Rootkit with Every New Intel Machine

2007-06-25 Thread David G. Koontz
Peter Gutmann wrote: > "Ian Farquhar (ifarquha)" <[EMAIL PROTECTED]> writes: > >> For example: the Gigabyte GA-965QM-DS2 (rev 2.0) which "features security >> enhancement by TPM". More common (ASUS, Foxconn) was the "TPM Connector", >> which seemed to be a hedged bet, by replacing the cost of the

RE: Free Rootkit with Every New Intel Machine

2007-06-24 Thread Peter Gutmann
"Ian Farquhar (ifarquha)" <[EMAIL PROTECTED]> writes: >For example: the Gigabyte GA-965QM-DS2 (rev 2.0) which "features security >enhancement by TPM". More common (ASUS, Foxconn) was the "TPM Connector", >which seemed to be a hedged bet, by replacing the cost of the TPM chip with >the cost of a s

RE: Free Rootkit with Every New Intel Machine

2007-06-24 Thread Ian Farquhar \(ifarquha\)
D] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Gutmann Sent: Saturday, 23 June 2007 10:49 PM To: [EMAIL PROTECTED] Cc: cryptography@metzdowd.com Subject: Re: Free Rootkit with Every New Intel Machine [EMAIL PROTECTED] writes: >my understanding from a person active in the NEA working group (IETF)

Re: Free Rootkit with Every New Intel Machine

2007-06-23 Thread Ivan Krstić
Peter Gutmann wrote: > I've seen all sorts of *claims* of TPM support, but try going out and buying a > PC with one Of the 25 business laptop models that HP offers on its site right now, only 5 don't have a TPM installed. -- Ivan Krstić <[EMAIL PROTECTED]> | GPG: 0x147C722D

Re: Free Rootkit with Every New Intel Machine

2007-06-23 Thread Peter Gutmann
[EMAIL PROTECTED] writes: >my understanding from a person active in the NEA working group (IETF) is that >TPMs these days "come along for free" because they're included on-die in at >least one of said chips. Check again. A few months ago I was chatting with someone who works for a large US compu

Re: Free Rootkit with Every New Intel Machine

2007-06-23 Thread Ivan Krstić
[EMAIL PROTECTED] wrote: > the way in that IT depts ensure that vic...er...employees don't turn 'em off > (as I understand it) is they set the BIOS admin password on their "assets" > (computers) before their give them out. Right, but I think people's fears about Active Management are mostly rela

Re: Free Rootkit with Every New Intel Machine

2007-06-22 Thread Jeff . Hodges
[EMAIL PROTECTED] said: > With TPMs it's a bit different, they're absent from the hardware by default in case you're referring to the TCPA (trusted computing platform alliance) TPM.. my understanding from a person active in the NEA working group (IETF) is that TPMs these days "come along for f

Re: Free Rootkit with Every New Intel Machine

2007-06-21 Thread Peter Gutmann
=?UTF-8?B?SXZhbiBLcnN0acSH?= <[EMAIL PROTECTED]> writes: >It appears Active Management is a setting that can be disabled normally from >the BIOS, like with TPMs today: > >http://support.intel.com/support/motherboards/desktop/sb/cs-020837.htm With TPMs it's a bit different, they're absent from the

wrt "Network Endpoint Assessment" (was: Re: Free Rootkit with Every New Intel Machine)

2007-06-21 Thread Jeff . Hodges
of potential related interest is.. Network Endpoint Assessment (NEA): Overview and Requirements note term "remediate/remediation". relevant snippage below. see also.. http://www.ietf.org/html.charters/nea-charter

Re: Free Rootkit with Every New Intel Machine

2007-06-21 Thread Ivan Krstić
Peter Gutmann wrote: > [...] a register article saying Intel released its new platform Centrino Pro > which includes Intel Active Management 2.5. An article with some more info is > here: It appears Active Management is a setting that can be disabled normally from the BIOS, like with TPMs today:

Re: Free Rootkit with Every New Intel Machine

2007-06-21 Thread Stephan Neuhaus
Peter Gutmann wrote: -- Snip -- This is very scary. I bet that our Minister of the Interior would love it, though, since he has been pushing a scheme for stealth examination of suspects' computers (called "Federal Trojan"). Technology like this would be a large first step towards making th

Re: Free Rootkit with Every New Intel Machine

2007-06-11 Thread James A. Donald
Initially I did not believe it, thought it must be hype or hoax. Nope, it is a rootkit in hardware. http://www.intel.com/business/vpro/index.htm : : Isolate security tasks—in a separate : : environment that is hidden to the user : : : : [...] : : : : Perform hardware and softwar