
Security quotes of the week

A possible outcome is that the distributions who care about signed modules will all just carry this patchset anyway, and the ones who don't won't. That's probably going to be interpreted by many as giving too much responsibility to Microsoft, but it's worth emphasising that these patches change nothing in that respect - if your firmware trusts Microsoft, you already trust Microsoft. If your firmware doesn't trust Microsoft, these patches will not cause your kernel to trust Microsoft. If you've set up your own chain of trust instead, anything signed by Microsoft will be rejected.

What's next? It wouldn't surprise me too much if nothing happens until someone demonstrates how to use a signed Linux system to attack Windows. Microsoft's response to that will probably determine whether anyone ends up caring.

-- Matthew Garrett on third-party keys in a secure boot world

First, open systems conducted within a known group make voting fraud much harder. Every step of the election process is observed by everyone, and everyone knows everyone, which makes it harder for someone to get away with anything.

Second, small and simple elections are easier to secure. This kind of process works to elect a pope or a club president, but quickly becomes unwieldy for a large-scale election. The only way manual systems could work for a larger group would be through a pyramid-like mechanism, with small groups reporting their manually obtained results up the chain to more central tabulating authorities.

And third: When an election process is left to develop over the course of a couple of thousand years, you end up with something surprisingly good.

-- Bruce Schneier considers the possibility of hacking the election of a new pope

It's very hard to use cryptography effectively if you assume an APT [advanced persistent threat] is watching everything on a system. We need to think about security in a post-cryptography world.

-- Adi Shamir, the "S" in RSA

"Attack"

Posted Feb 28, 2013 9:44 UTC (Thu) by epa (subscriber, #39769)

It is a slightly Orwellian usage to say "attack Windows" when all you mean is "boot Windows bypassing the signature check". There could be good reasons why the owner of the computer might want to do that, for example patching Windows to load device drivers not signed by Microsoft (on platforms where Microsoft enforces this), or even, in some not-so-distant future, to run applications not signed by the Microsoft app store.

"Attack"

Posted Feb 28, 2013 15:01 UTC (Thu) by mjg59 (subscriber, #23239)

"Boot Windows bypassing the signature check without the user's consent". All Windows 8 systems are required to allow the end-user to disable Secure Boot, the concern is only about remote attacks.

"Attack"

Posted Feb 28, 2013 17:27 UTC (Thu) by niner (subscriber, #26151)

"All Windows 8 systems are required to allow the end-user to disable Secure Boot"

All x86_64 or x86 systems are required. On ARM on the other hand, it's forbidden.

"Attack"

Posted Feb 28, 2013 17:30 UTC (Thu) by mjg59 (subscriber, #23239)

That's Windows RT, not Windows 8.

"Attack"

Posted Mar 3, 2013 23:23 UTC (Sun) by quotemstr (subscriber, #45331)

Windows RT is a SKU of Windows 8. There's no real difference between the systems.

"Attack"

Posted Mar 3, 2013 23:25 UTC (Sun) by mjg59 (subscriber, #23239)

They're different products with different policies. The commonality of the code is pretty irrelevant.

"Attack"

Posted Mar 1, 2013 10:25 UTC (Fri) by epa (subscriber, #39769)

The quotation does say "Windows" not "Windows 8". There are already Windows-branded systems in the wild that do not allow turning off Secure Boot.

Manual process

Posted Mar 1, 2013 18:03 UTC (Fri) by man_ls (subscriber, #15091)

Pyramid-like manual mechanisms work wonderfully for elections in a lot of countries around the world. Electronic schemes on the other hand are rife with obscurity and suspicions of fraud, or so we hear from the US. I know which one I prefer.

The manual mechanism here in Spain is very similar to the process described for the Pope election: ballots are put into a sealed crystal box, then votes are tallied in common by three random citizens -- with observers from all interested political parties. The results are tabulated and sent to the minister in a sealed box. In case of doubt a recount is possible. It is possible that aggregated recounts are done electronically, but that part is done by civil servants (I suppose with external observers also) and is less prone to cracking -- although historically it has been the weaker spot.

Small groups are always easy to secure, but they are also easy to coerce and manipulate. Those are separate threats.

Security quotes of the week

Posted Mar 5, 2013 15:03 UTC (Tue) by ortalo (subscriber, #4654)

Hey, what about threshold schemes for intrusion tolerance!

BTW, weren't these algorithms also called "Shamir's Secret Sharing" algorithms? ;-)

Of course, it also implies that the target systems are dissimilar and do not have the same vulnerabilities... But we love diversification in the open source world (all the Linuxes + all the BSDs...), don't we? And we are all very eager to redo things differently a few times (for personal ego reasons).
Time to claim better security in the open source world than in the closed source world for the right (marketing) reasons!
(And no, I won't count virtual machines as diversification. I am old-fashioned - or not enough old-fashioned as you prefer.)
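The threshold scheme ortalo alludes to, as a worked example added here (it is not code from the LWN page or from any commenter): Shamir's (k, n) secret sharing over a prime field, which is the usual answer to Shamir's own "an APT watches everything on a system" problem when the key can be spread over several dissimilar hosts. Any k shares rebuild the key; k-1 shares are consistent with every possible key, which the small-field enumeration at the end shows directly rather than by appeal to the theorem. All function names, the 256-bit sample key and the choice of the Mersenne prime 2**521 - 1 are my assumptions.

```python
"""Shamir (k, n) threshold secret sharing over GF(p).

Added example, not from the LWN page.  Names and parameters are the
editor's choice; the sample key below is constructed for the demo.
"""
import secrets
from collections import Counter
from itertools import combinations, product

# Mersenne prime 2**521 - 1: a 256-bit key fits comfortably as a field element.
P521 = (1 << 521) - 1


def _eval_poly(coeffs, x, p):
    """Horner evaluation of coeffs[0] + coeffs[1]*x + ... modulo p."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % p
    return acc


def split_secret(secret, k, n, p=P521, rng=secrets.randbelow):
    """Return n shares (x, y); any k of them recover `secret`."""
    if not 1 <= k <= n < p:
        raise ValueError("need 1 <= k <= n < p")
    if not 0 <= secret < p:
        raise ValueError("secret must be a field element (0 <= secret < p)")
    # Constant term is the secret; the other k-1 coefficients are uniformly
    # random, so the polynomial is unknown until k points of it are seen.
    coeffs = [secret] + [rng(p) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x, p)) for x in range(1, n + 1)]


def recover_secret(shares, p=P521):
    """Lagrange-interpolate the polynomial through `shares` and return f(0).

    Correct only when at least k shares are given.  With fewer, the result is
    a value unrelated to the secret (the caller cannot even tell it is wrong).
    """
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    total = 0
    for xi, yi in shares:
        num, den = 1, 1
        for xj in xs:
            if xj != xi:
                num = num * (-xj) % p        # product of (0 - xj)
                den = den * (xi - xj) % p    # product of (xi - xj)
        # Fermat inverse: den**(p-2) == den**-1 (mod p) for prime p.
        total = (total + yi * num * pow(den, p - 2, p)) % p
    return total


def any_k_shares_recover(shares, k, secret, p=P521):
    """True if every k-subset of `shares` reconstructs `secret`."""
    return all(recover_secret(list(sub), p) == secret
               for sub in combinations(shares, k))


def attacker_view_distribution(secret, k, p):
    """What an attacker holding shares x = 1 .. k-1 can see, over a small field.

    Enumerates every choice of the k-1 random coefficients and counts each
    resulting (k-1)-tuple of share values.  If the counts are all equal and
    identical for two different secrets, those k-1 shares carry no
    information about the secret: the threshold is information-theoretic.
    """
    seen = Counter()
    for rand in product(range(p), repeat=k - 1):
        coeffs = [secret] + list(rand)
        seen[tuple(_eval_poly(coeffs, x, p) for x in range(1, k))] += 1
    return seen


def demo():
    """Split a constructed 256-bit key 3-of-5 and exercise both properties."""
    key = int.from_bytes(b"constructed 256-bit key material", "big")  # sample
    shares = split_secret(key, 3, 5)
    return {
        "any_3_of_5_recover": any_k_shares_recover(shares, 3, key),
        "2_shares_give_key": recover_secret(shares[:2]) == key,
        "views_identical_below_k": (attacker_view_distribution(5, 3, 17)
                                    == attacker_view_distribution(9, 3, 17)),
    }
```

Two caveats a practitioner would attach to ortalo's suggestion. First, the shares protect the key only while it is split: whichever host runs `recover_secret` holds the whole key again, so the APT problem reappears there unless the key is used inside a threshold protocol (signing or decryption computed from shares) rather than reassembled. Second, the scheme assumes the k-1 compromised hosts are the only ones that fall, which is exactly the independence-of-vulnerabilities condition the comment points out; n copies of the same image give n copies of the same bug, not a threshold.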

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds