Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- there's no security in trusted boot
- - or -
- how I hacked 3000 hackers ;)
- although the r0ket SW is opensource I managed to put a
- little and not so serious trojan horse onto the official
- release.
- the "pwgen" l0dable will create passwords only from a list
- of 64k passwords. happy ssh scanning on the camp network ;)
- I am not taking this serios and also am unwilling to believe
- that any one of the visitors of cccamp11 used the little
- program to create his secure passwords.
- I did it to provide a counter-example that there's not a
- single point of security enhancement in trusted boot (or
- TPM, TXT, DRM, or what the buzzword of the week might be).
- quite the contrary is the case: even if you found the
- bug/hole in the "pwgen" source, binary or by simply testing it
- extensively, you'd need the good will of the manufacturer to
- release a fixed new signed binary. there's no way you may fix
- it yourself while keeping all other features functional
- (assuming there were no other bufferoverflow or alike bugs to
- gain code execution).
- all you intels, apples, microsofts, googles and HTCs: go away
- with closed products. we want open platforms. if you think
- you need trusted boot always provide the fairness to let
- your consumer distrust you and let them sign and execute their
- own code.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement