Palladium -- trivially weak in hw but "secure in software"?? (Re: palladium presentation - anyone going?)
alan at clueserver.org
Tue Oct 22 03:45:51 PDT 2002
On Tue, 22 Oct 2002, Rick Wash wrote:
> Hardware-based attacks cannot be redistributed. If I figure out how
> to hack my system, I can post instructions on the web but it still
> requires techinical competence on your end if you want to hack your
> system too.
> While this doesn't help a whole lot for a DRM goal (once you get the
> non-DRM version of the media data, you can redistribute it all you
> want), it can be very useful for security. It can help to eliminate
> the 'script kiddie' style of attackers.
Not really. It depends on what they are exploiting. Does every piece of
code need to be validated all the time? Once a program is running, does
something running in its code space get revalidated or soes it just run?
I don't see how paladium stops buffer overflows or heap exploits or format
bugs or any of the standard exploits that are in use today. (Not without
crippling the entire system for bot the user and the programmer.)
It seems to change little for script kiddies if the machines are going to
communicate with other systems. (Unless the DRM holders will control who
and how you can connect as well. And they just might do that as well...)
The perveyors of this also claim it will stop spam and e-mail viruses.
They only way it can do that is by making paladium based systems
incompatable with every non-DRM machine on the planet. (So much for
getting e-mail from your relatives!)
The only problem this hardware seems to solve is shackling the user into
what data they can see and use. If Microsoft follows their standard
coding practices, the script kiddie problem will not go away with this
technology. It will probably increase.
And it will be illegal to effectivly stop them.
More information about the cypherpunks-legacy