An attack on paypal --> secure UI for browsers

Mike Rosing eresrch at eskimo.com
Fri Jun 13 06:16:02 PDT 2003


On Fri, 13 Jun 2003, Nomen Nescio wrote:

> Apparently you neglected to read
> http://www.microsoft.com/resources/ngscb/NGSCB_Overview.mspx, where
> Microsoft says (as they have repeated many times) "Customers and partners
> need reliable ways to ensure the quality of technology that addresses
> the critical needs met by NGSCB. That's why Microsoft will make available
> for public review the source code of the core piece of enabling software
> in NGSCB, called the 'nexus,' so it can be evaluated and validated by
> third parties for both security and privacy considerations."

So why isn't it open for review *before* it's finalized?  Might it
give too many people an idea of what's really wrong with it?

> Therefore some educated person (obviously not you, at least not yet)
> will in fact be able to perform their own examination of the trusted part
> of the OS, since it will have its source code published for exactly this
> sort of review.

Let's see it now.  Not after it's finished.

> Microsoft's legacy software is all extremely complex.  Palladium is
> taking a different approach, aiming at simplicity and transparency.

I want the drugs you are on dude.  You have a very rosy picture, and
it seems all your inputs have been hijacked by supreme chemicals!

> The Nexus, which is the micro-kernel for the trusted components (NCAs),
> will be published for review.  Its tasks are relatively few and well
> defined, nothing like the massive Windows OS.  That is what Microsoft has
> gained by architecting Palladium as they did, with the new "trusted"
> CPU mode, which allows side-by-side operating systems to run.  On the
> left hand side (LHS) we find the legacy Windows OS and applications.
> On the right hand side (RHS) we find the Nexus acting as the OS, and
> the NCAs acting as the applications.

And in the meantime the user can't control their own computer.

> The brilliance of Palladium is that the LHS can't touch the RHS,
> because of hardware protection.  At one stroke, the new trusted mode is
> insulated from bugs in the Windows OS, device drivers and applications.
> It in effect allows the designers to start with a clean piece of paper
> and produce a simple micro-kernel (the Nexus) whose only job is to
> service the NCAs.  This is a manageable task and, in conjunction with
> public review, there is good reason to hope and expect that the Nexus
> will be secure.  If so then NCAs will indeed run in a mode where they
> are protected from other software components (including other NCAs).

Very nice drug induced rant.  Too bad reality doesn't work that way.
Who owns the hardware?  The user or the RIAA?  True hardware protection
means the user is protected from Microsoft, not the other way around.

> Your comments above make it clear that you are not at all acquainted
> with the material in those documents.  If you're going to pretend to
> be a security expert (remember when you advocated ECB mode for the XML
> encryption effort?!!), you could do worse than spending a few hours
> studying these documents closely.  It's very likely that NGSCB will
> be a central technology for security in the next two to ten years or
> even longer.  This is undoubtedly an area where security consulting
> could be lucrative.  Sadly, even "experts" of your caliber can probably
> be very successful in this area.  But you'll have to do your homework.

Palladium changed to NGSCB and will morph to something else and something
after that.  It won't ever fly because the user can't control their own
machine.

Trust is a two way street.  Until Microsoft learns to trust their
customers, nobody will trust Microsoft.  What we do in person we can do
on a computer.  We can con each other in person, so we'll be able to con
each other with computers.  That's how reality works, and no hardware
or laws are going to change that.

Instead of trying to wave a magic wand while everyone is on LSD, it'd
be better if Microsoft and the RIAA came out with their own hardware
for the specific purpose of DRM sales.  Everyone would know who owns
the hardware because they'd just rent it instead of buying it.  IBM
is already on the right track for this.  Microsoft has yet to get it.

Patience, persistence, truth,
Dr. mike

More information about the cypherpunks-legacy mailing list