Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > NZ Computing > Now Playing at the Palladium

Reply
Thread Tools

Now Playing at the Palladium

 
 
Lawrence DčOliveiro
Guest
Posts: n/a
 
      03-19-2005
Major PC vendors
<http://news.com.com/Hardware+securit...-7355_3-561903
5.html> have started shipping machines with in-built Palladium/NGSCB
support. This even though Microsoft has yet to release any official
software support for the architecture.

I wonder if this means that the Palladium/NGSCB spec has finally settled
down, since at last report (in a link from the above item) Microsoft was
rethinking parts of the whole idea in response to the controversy that
was raised.

The most troubling part of the original idea was the "remote
attestation" feature. This meant that a Palladium/NGSCB-equipped machine
was able to prove to a remote server that it was running unmodified
vendor-authorized software, and thereby be allowed to access services
(e.g. downloaded copyrighted content) that were not available to any
other software, or any version of the software with unauthorized
modifications.
 
Reply With Quote
 
 
 
 
Mercury
Guest
Posts: n/a
 
      03-19-2005
Intel was shipping a palladium equiped mobo yonks ago.
It was readily available - forget which specific model it was - and many
with intel P4 mobos will have it.

"Lawrence DčOliveiro" <(E-Mail Removed)_zealand> wrote in message
news:(E-Mail Removed)...
> Major PC vendors
> <http://news.com.com/Hardware+securit...-7355_3-561903
> 5.html> have started shipping machines with in-built Palladium/NGSCB
> support. This even though Microsoft has yet to release any official
> software support for the architecture.
>
> I wonder if this means that the Palladium/NGSCB spec has finally settled
> down, since at last report (in a link from the above item) Microsoft was
> rethinking parts of the whole idea in response to the controversy that
> was raised.
>
> The most troubling part of the original idea was the "remote
> attestation" feature. This meant that a Palladium/NGSCB-equipped machine
> was able to prove to a remote server that it was running unmodified
> vendor-authorized software, and thereby be allowed to access services
> (e.g. downloaded copyrighted content) that were not available to any
> other software, or any version of the software with unauthorized
> modifications.



 
Reply With Quote
 
 
 
 
Mercury
Guest
Posts: n/a
 
      03-19-2005
The most valuable part of palladium feature set (IMHO) was the secure
keyboard data stream - it was supposed to remove the chance of keystroke
loggers fo any OS that utilised it.


"Lawrence DčOliveiro" <(E-Mail Removed)_zealand> wrote in message
news:(E-Mail Removed)...
> Major PC vendors
> <http://news.com.com/Hardware+securit...-7355_3-561903
> 5.html> have started shipping machines with in-built Palladium/NGSCB
> support. This even though Microsoft has yet to release any official
> software support for the architecture.
>
> I wonder if this means that the Palladium/NGSCB spec has finally settled
> down, since at last report (in a link from the above item) Microsoft was
> rethinking parts of the whole idea in response to the controversy that
> was raised.
>
> The most troubling part of the original idea was the "remote
> attestation" feature. This meant that a Palladium/NGSCB-equipped machine
> was able to prove to a remote server that it was running unmodified
> vendor-authorized software, and thereby be allowed to access services
> (e.g. downloaded copyrighted content) that were not available to any
> other software, or any version of the software with unauthorized
> modifications.



 
Reply With Quote
 
Lawrence DčOliveiro
Guest
Posts: n/a
 
      03-19-2005
In article <d1h2mg$4uo$(E-Mail Removed)>, "Mercury" <(E-Mail Removed)>
wrote:

>The most valuable part of palladium feature set (IMHO) was the secure
>keyboard data stream - it was supposed to remove the chance of keystroke
>loggers fo any OS that utilised it.


I don't see how it's possible to make that secure. If you can subvert
the OS (which is easy with Windows), you can still snoop keystrokes
after they've been decrypted--which has to happen at some point.

Also you could just open up the keyboard and hide a little circuit in
there that captures the keystrokes before they're encrypted.
 
Reply With Quote
 
Rob J
Guest
Posts: n/a
 
      03-20-2005
In article <(E-Mail Removed)> in nz.comp on Sun,
20 Mar 2005 02:25:44 +1300, Lawrence DčOliveiro <ldo@geek-
central.gen.new_zealand> says...
> In article <d1h2mg$4uo$(E-Mail Removed)>, "Mercury" <(E-Mail Removed)>
> wrote:
>
> >The most valuable part of palladium feature set (IMHO) was the secure
> >keyboard data stream - it was supposed to remove the chance of keystroke
> >loggers fo any OS that utilised it.

>
> I don't see how it's possible to make that secure. If you can subvert
> the OS (which is easy with Windows), you can still snoop keystrokes
> after they've been decrypted--which has to happen at some point.


What do you suppose "software trust" is? It's knowing what every
application in your system is, and as I read it, that's exactly what the
trend is in operating systems, including Palladium. Signing of drivers is
but one step along this path.

> Also you could just open up the keyboard and hide a little circuit in
> there that captures the keystrokes before they're encrypted.


But then how does the data get from it to the logger?
 
Reply With Quote
 
Mercury
Guest
Posts: n/a
 
      03-20-2005
The proposition / standard is for the data stream to be encypted between the
end points (supposedly).

"Lawrence DčOliveiro" <(E-Mail Removed)_zealand> wrote in message
news:(E-Mail Removed)...
> In article <d1h2mg$4uo$(E-Mail Removed)>, "Mercury" <(E-Mail Removed)>
> wrote:
>
>>The most valuable part of palladium feature set (IMHO) was the secure
>>keyboard data stream - it was supposed to remove the chance of keystroke
>>loggers fo any OS that utilised it.

>
> I don't see how it's possible to make that secure. If you can subvert
> the OS (which is easy with Windows), you can still snoop keystrokes
> after they've been decrypted--which has to happen at some point.
>
> Also you could just open up the keyboard and hide a little circuit in
> there that captures the keystrokes before they're encrypted.



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
ctypes to customize MSN now playing status est Python 0 01-06-2009 08:09 AM
Palladium 1 looking for a home jim.alred@thomson.net VHDL 0 12-15-2008 04:49 PM
Youtube not playing in Firefox... (Now neither is Pandora!!!) RA Firefox 1 07-09-2008 04:08 PM
Change the MSN Now Playing Text with ruby Wu Nan Ruby 0 12-26-2007 06:17 AM
Now Playing 247: Any Problems? Ken DVD Video 2 12-25-2003 01:16 AM



Advertisments