On Wed, 2 Feb 2005, Dan Kaminsky wrote:
Uh, you *really* have no idea how much the black hat community is looking forward to TCPA. For example, Office is going to have core components running inside a protected environment totally immune to antivirus.
How? TCPA is only a cryptographic device, and some BIOS code, nothing else. Does the coming of TCPA chips eliminate the bugs, buffer overflows, stack overflows, or any other way to execute arbitrary code? If yes, isn't that a wonderful thing? Obviously it doesn't (eliminate bugs and so on).
Since these components are going to be managing cryptographic operations, the "well defined API" exposed from within the sandbox will have arbitrary content going in, and opaque content coming out. Malware goes in (there's not a executable environment created that can't be exploited), sets up shop, has no need to be stealthy due to the complete blockage of AV monitors and cleaners, and does what it wants to the plaintext and ciphertext (alters content, changes keys) before emitting it back out the opaque outbound interface.
I use cryptographic devices everyday, and TCPA is not different than the present situation. No better, no worse. -- Erwann ABALEA <erwann@abalea.com> - RSA PGP Key ID: 0x2D0EABD5