[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] TPM - will it work as pushed to the public?

To: <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] TPM - will it work as pushed to the public?
From: "Todd Towles" <toddtowles@xxxxxxxxxxxxxxx>
Date: Thu, 15 Dec 2005 12:47:10 -0600

http://www.msnbc.msn.com/ID/10441443
<http://www.msnbc.msn.com/ID/10441443> 

Is it me or is this totally not going to work for normal people?

"Of course you could always "fool" the system by starting your computer
with your unique PIN or fingerprint and then letting another person use
it, but that's a choice similar to giving someone else your credit

card.) "

Umm you mean like a backdoor installed on the system, VNC injection..the
attacker can "use" your computer and your TPM chip from anywhere in the
world. This will protect huge corporations by stopping attackers from
using username/passwords on other computer systems, but how is this
going to protect grandma (aka people that don't patch and therefore get
infected anyways). MITM attack will still work, even with TPM

Of course, people will find a way to spoof the TPM by using another
computer infront of their own or someother trick. This seems to be just
another left jab in the ongoing boxing match...not a "cure".

-Todd

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] TPM - will it work as pushed to the public?
  - From: Valdis . Kletnieks

Prev by Date: [Full-disclosure] Fwd: WSLabs, Phishing Alert: Internal Revenue (FAO Todd Towles)
Next by Date: Re: [Full-disclosure] Fwd: WSLabs, Phishing Alert: Internal Revenue (FAO Todd Towles)
Previous by thread: RE: [Full-disclosure] Fwd: WSLabs, Phishing Alert: Internal Revenue (FAO Todd Towles)
Next by thread: Re: [Full-disclosure] TPM - will it work as pushed to the public?
Index(es):
- Date
- Thread