Snowden and Compilers

Lodewijk andré de la porte l at odewijk.nl
Sun Feb 16 05:44:58 PST 2014


2014-02-16 4:03 GMT+01:00 <dan at geer.org>:

> So, to get down to brass tacks: If I can get to the chip mask pre
> lithography, how many gates do I need?  A thousand for a kill switch
> and three thousand for a connection?
>

You can also manipulate other parts of the machine. With features present
in vPro all that's needed is a "buffer overflow" hidden "bug" that allows
remote control. The "bug" might even be hidden in non-spec gates or code
flashed into it later.

Bottom line: no defense when you use vPro-capable Intel chipsets.

This is a massive problem for me as someone who'd like to produce a secure
system. If the NSA can remotely enable vPro anytime they like, what am I
going to do at any other level? There are plenty of tricks you can pull to
make it seem they didn't use vPro, as vPro usage is pretty much
undetectable. Think manipulation of random number generation making it seem
they have some unknown random number generator attack, when in fact they
just manipulated it.

So large is our current closed source trouble.