Advertisement
Guest User

Untitled

a guest
Aug 14th, 2011
785
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 1.28 KB | None | 0 0
  1. there's no security in trusted boot
  2. - or -
  3. how I hacked 3000 hackers ;)
  4.  
  5. although the r0ket SW is opensource I managed to put a
  6. little and not so serious trojan horse onto the official
  7. release.
  8. the "pwgen" l0dable will create passwords only from a list
  9. of 64k passwords. happy ssh scanning on the camp network ;)
  10.  
  11. I am not taking this serios and also am unwilling to believe
  12. that any one of the visitors of cccamp11 used the little
  13. program to create his secure passwords.
  14.  
  15. I did it to provide a counter-example that there's not a
  16. single point of security enhancement in trusted boot (or
  17. TPM, TXT, DRM, or what the buzzword of the week might be).
  18. quite the contrary is the case: even if you found the
  19. bug/hole in the "pwgen" source, binary or by simply testing it
  20. extensively, you'd need the good will of the manufacturer to
  21. release a fixed new signed binary. there's no way you may fix
  22. it yourself while keeping all other features functional
  23. (assuming there were no other bufferoverflow or alike bugs to
  24. gain code execution).
  25.  
  26. all you intels, apples, microsofts, googles and HTCs: go away
  27. with closed products. we want open platforms. if you think
  28. you need trusted boot always provide the fairness to let
  29. your consumer distrust you and let them sign and execute their
  30. own code.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement