-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 9/22/2013 2:23 PM, Jerry Leichter wrote:
On Sep 21, 2013, at 10:05 PM, d.nix wrote:
Hah hah hah. Uh, reading between the lines, color me *skeptical* that this is really what it claims to be, given the current understanding of things...
http://www.intel.com/content/www/us/en/enterprise-security/what-is-vpro-tech...
The question isn't whether it's what it claims to be. It is that. But is it's *more* than it claims to be.
Yes, in my haste I neglected the "only" disclaimer bit; it is indeed a means by which the *rightful owner/administrator* might perform very useful tasks. The obvious crux of the biscuit is *who else* has access, and what can they do surreptitiously? If for example, the paper regarding manipulating the RNG circuit by alternate chip doping is valid, then an adversary with deep pockets and vast resources might well be able remotely target specific systems on demand. Possibly even air gapped ones if this function is controllable via a 3G signal as I have read elsewhere. Or perhaps just outright reroute and tap information prior to encryption, or subtly corrupt things in other ways such that processes fail or leak data. A universal on-demand STUXNET, if you will... Yes, idle unfounded speculation, I know... but still... these days the fear is that we're not paranoid enough. Hmmmm. Maybe time to pull my old 1996 SGI R10K and R4400 boxes out of storage. For a few *very* dedicated and air gapped tasks they might be a small measure of worthwhile trouble. Regards, DN -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.20 (MingW32) iQEcBAEBAgAGBQJSP4OfAAoJEDMbeBxcUNAeVmUH/3MRSd/QkH9J/fY4iezSX/ME 2AbXaRSJmyLhZPW/c+moH0aUYAIPUQQ3JmVt0InZWM06jrR0pO/I9GxIM9IUWYM7 /6u/NLUcdiDtJx+BLcyUdtqSpYErkWQH9qoWxunDtUUj988xxTgia1Q+yN0h+ZOg 6PJtXB8+fTAGSoRCkhuokitB/XGbMFgAxtIyq2CMVSr3v0fOGCItvEq2wVzw8+h1 o0ps90OE3RLnel6u4YNm5EFRWoDiwN45+u/wGdXHJlSUZrncX1o6NsGvSC/0Pl94 7CYF7qpeltMMzpgPrp0IeWrls/G89FdOnjD97nzcCQ480RZAfpYCNXOIBURXq+I= =SUzc -----END PGP SIGNATURE-----