Software-based attacks are redistributable. Once I write a program
that hacks a computer, I can give that program to anyone to use. I
can even give it to everyone, and then anyone could use it. The
expertise necessary can be abstracted away into a program even my
mother could use.
On Sun, Oct 20, 2002 at 10:38:35PM -0400, Arnold G. Reinhold wrote:
There may be a hole somewhere, but Microsoft is trying hard to get
it right and Brian seemed quite competent.
It doesn't sound breakable in pure software for the user, so this
forces the user to use some hardware hacking.
They
At 10:52 PM +0100 10/21/02, Adam Back wrote:
On Sun, Oct 20, 2002 at 10:38:35PM -0400, Arnold G. Reinhold wrote:
There may be a hole somewhere, but Microsoft is trying hard to get
it right and Brian seemed quite competent.
It doesn't sound breakable in pure software for the user, so this
Remote attestation does indeed require Palladium to be secure against
the local user.
However my point is while they seem to have done a good job of
providing software security for the remote attestation function, it
seems at this point that hardware security is laughable.
So they disclaim in
On Tue, Oct 22, 2002 at 04:52:16PM +0100, Adam Back wrote:
So they disclaim in the talk announce that Palladium is not intended
to be secure against hardware attacks:
| Palladium is not designed to provide defenses against
| hardware-based attacks that originate from someone in control of
[EMAIL PROTECTED]
CC: Cryptography [EMAIL PROTECTED], Adam Back
[EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: palladium presentation - anyone going?
Date: Sun, 20 Oct 2002 22:38:35 -0400
At 7:15 PM +0100 10/17/02, Adam Back wrote:
Would someone at MIT / in Boston area like to go to this [see
Would someone at MIT / in Boston area like to go to this and send a
report to the list? Might help clear up some of the currently
unexplained aspects about Palladium, such as:
- why they think it couldn't be used to protect software copyright (as
the subject of Lucky's patent)
- are there plans