Intel about to make the same error as with processor ID?

Archived from groups: comp.sys.ibm.pc.hardware.chips (More info?)

I just got this from German ARD teletext

567/0 ARD-Text 18.04.04 14:53:26

Multimedia / Internet
Intel-Chips mit eingebauter Sicherheit
Der Chip-Hersteller Intel hat jetzt die
n{chste Generation von Prozessoren fuer
Mobilgeraete vorgestellt, die fest inte-
grierte Sicherheitsvorkehrungen gegen
Hackerangriffe und auch Urheberrechts-
verletzungen besitzen.

Translation:
Intel chips with build in security.
The chip manufacturer Intel has now
announced its next generation processors for
mobile computers, that have fixed integrated
security measures against hacker attacks
and also copyright violations.

JP
20 answers Last reply
More about intel make error processor
  1. Archived from groups: comp.sys.ibm.pc.hardware.chips (More info?)

    On Sun, 18 Apr 2004 13:03:12 GMT, Jan Panteltje <pNaonStpealmtje@yahoo.com> wrote:

    >I just got this from German ARD teletext
    >
    >567/0 ARD-Text 18.04.04 14:53:26
    >
    >Multimedia / Internet
    >Intel-Chips mit eingebauter Sicherheit
    >Der Chip-Hersteller Intel hat jetzt die
    >n{chste Generation von Prozessoren fuer
    >Mobilgeraete vorgestellt, die fest inte-
    >grierte Sicherheitsvorkehrungen gegen
    >Hackerangriffe und auch Urheberrechts-
    >verletzungen besitzen.
    >
    >Translation:
    >Intel chips with build in security.
    >The chip manufacturer Intel has now
    >announced its next generation processors for
    >mobile computers, that have fixed integrated
    >security measures against hacker attacks
    >and also copyright violations.
    >
    >JP

    Is the same as the code found in Itanium and AMD 64?
  2. Archived from groups: comp.sys.ibm.pc.hardware.chips (More info?)

    On Sun, 18 Apr 2004 13:03:12 GMT, Jan Panteltje
    <pNaonStpealmtje@yahoo.com> wrote:
    >Translation:
    >Intel chips with build in security.
    >The chip manufacturer Intel has now
    >announced its next generation processors for
    >mobile computers, that have fixed integrated
    >security measures against hacker attacks
    >and also copyright violations.

    Intel has started including a Trusted Computing Group chip in their
    newest chips. The first one that's available (the one I think this
    article is talking about) is the new XScale (ARM) PXA27x. The TCG
    chip is also expected to find it's way into both AMD and Intel desktop
    processors in the near future.

    There are some potential benefits to this, despite what all the
    tin-foil crowd like to say, this TCG technology CAN be used to improve
    the security of a system. In fact, that is a primary goal of it.
    However it can also be used to implement "Digital Rights Management"
    (more than a bit of a misnomer, as some poster on /. said recently
    "rights do not need to be managed"), something that many people object
    to. It could also be used, for example, to better enforce company
    computer policies, another thing many people don't much like.

    So, is this like the processor serial number? Not exactly. The TCG
    technology has some potentially very useful technology while the
    Processor Serial Number did not. On the flip side, there are some
    potentially downsides to this TCG stuff, while the serial number was
    pretty much pointless.

    -------------
    Tony Hill
    hilla <underscore> 20 <at> yahoo <dot> ca
  3. Archived from groups: comp.sys.ibm.pc.hardware.chips (More info?)

    Tony Hill wrote:


    >
    > So, is this like the processor serial number? Not exactly. The TCG
    > technology has some potentially very useful technology while the
    > Processor Serial Number did not. On the flip side, there are some
    > potentially downsides to this TCG stuff, while the serial number was
    > pretty much pointless.
    >

    I'd think if they eliminated buffer overruns in hardware, most security
    issues would be solved, at least from where I'm at. Almost all the linux
    security issues are caused by that and many of the windows ones as well or
    so it seems from reading all the patches.

    --

    Stacey
  4. Archived from groups: comp.sys.ibm.pc.hardware.chips (More info?)

    On Sun, 18 Apr 2004 21:40:33 -0400, Stacey <fotocord@yahoo.com> wrote:
    >Tony Hill wrote:
    >> So, is this like the processor serial number? Not exactly. The TCG
    >> technology has some potentially very useful technology while the
    >> Processor Serial Number did not. On the flip side, there are some
    >> potentially downsides to this TCG stuff, while the serial number was
    >> pretty much pointless.
    >
    >I'd think if they eliminated buffer overruns in hardware, most security
    >issues would be solved, at least from where I'm at. Almost all the linux
    >security issues are caused by that and many of the windows ones as well or
    >so it seems from reading all the patches.

    It's not really possible to eliminate buffer overruns in hardware,
    just to limit the amount of damage that can be caused when a buffer
    overrun occurs. With the non-executable memory pages that AMD has in
    their x86-64 chips a buffer overrun tends to just become a DoS attack
    instead of a remote exploit. Definitely an improvement, but by no
    means a surefire fix, and it is still possible (though somewhat
    difficult) to get a remote exploit with a buffer overrun, even with
    non-executable pages.

    The Trusted Computing stuff takes this a step further, and in that
    regards it should be a welcome addition. However it's the other stuff
    that makes it seem rather.. umm.. frightening I suppose.

    -------------
    Tony Hill
    hilla <underscore> 20 <at> yahoo <dot> ca
  5. Archived from groups: comp.sys.ibm.pc.hardware.chips (More info?)

    Jan Panteltje wrote:

    > Intel chips with build in security.
    > The chip manufacturer Intel has now
    > announced its next generation processors for
    > mobile computers, that have fixed integrated
    > security measures against hacker attacks
    > and also copyright violations.

    http://slashdot.org/article.pl?sid=04/04/13/1955209&mode=nocomment
    http://www.extremetech.com/article2/0,1558,1565846,00.asp
  6. Archived from groups: comp.sys.ibm.pc.hardware.chips (More info?)

    On a sunny day (Sun, 18 Apr 2004 18:01:10 -0400) it happened Tony Hill
    <hilla_nospam_20@yahoo.ca> wrote in
    <aoq580pcj5tvqde7kd6ht8ji13n9ktoh3j@4ax.com>:

    >So, is this like the processor serial number? Not exactly. The TCG
    >technology has some potentially very useful technology while the
    >Processor Serial Number did not. On the flip side, there are some
    >potentially downsides to this TCG stuff, while the serial number was
    >pretty much pointless.
    But does it have some unique ID?
    Not that give a .... my IP address and ethernet Hwaddr already uniquely
    ID me.
    But this I KNOW, in my view users should be informed if they are traced.
    JP
  7. Archived from groups: comp.sys.ibm.pc.hardware.chips (More info?)

    On Sun, 18 Apr 2004 18:01:10 -0400, Tony Hill
    <hilla_nospam_20@yahoo.ca> wrote:
    >So, is this like the processor serial number? Not exactly. The TCG
    >technology has some potentially very useful technology while the
    >Processor Serial Number did not. On the flip side, there are some
    >potentially downsides to this TCG stuff, while the serial number was
    >pretty much pointless.

    I think so far, in the hands of folks with power, the potential
    downside seldom has the word "potential" after a while. The potential
    usefulness often remains at potential.

    --
    L.Angel: I'm looking for web design work.
    If you need basic to med complexity webpages at affordable rates, email me :)
    Standard HTML, SHTML, MySQL + PHP or ASP, Javascript.
    If you really want, FrontPage & DreamWeaver too.
    But keep in mind you pay extra bandwidth for their bloated code
  8. Archived from groups: comp.sys.ibm.pc.hardware.chips (More info?)

    Stacey <fotocord@yahoo.com> wrote:
    > Tony Hill wrote:
    >
    >
    > >
    > > So, is this like the processor serial number? Not exactly. The TCG
    > > technology has some potentially very useful technology while the
    > > Processor Serial Number did not. On the flip side, there are some
    > > potentially downsides to this TCG stuff, while the serial number was
    > > pretty much pointless.
    > >
    >
    > I'd think if they eliminated buffer overruns in hardware, most security
    > issues would be solved, at least from where I'm at. Almost all the linux
    > security issues are caused by that and many of the windows ones as well or
    > so it seems from reading all the patches.
    >

    I thought most windows issues were caused by outlook and window's
    bad habit of executing carefully crafted email attachments. Things
    like mypictures.jpg.exe, or one of the newer ones, something.jpg<bunch
    of spaces>.exe. MS seems to be trying to fix their poor design
    decisions by yet more hardware.

    The linux security issues do seem to be mainly buffer overflows,
    although an occasional kernel security issue does creep in.

    --
    a n
    gapeters @ t . e
    t t
  9. Archived from groups: comp.sys.ibm.pc.hardware.chips (More info?)

    Stacey <fotocord@yahoo.com> wrote:
    > I'd think if they eliminated buffer overruns in hardware, most security
    > issues would be solved, at least from where I'm at. Almost all the linux
    > security issues are caused by that and many of the windows ones as well or
    > so it seems from reading all the patches.

    So long as variable length data (usually local char arrays)
    are stored (on the stack, usually) where they can walk over
    return addresses, then buffer over-runs will exist with severe
    security consequences.

    The currently discussed "hardware protection" is nothing more
    than making the stack-space non-executable. That will stop
    those attacks which bring in executable code. But not those
    which simply bring in data, and alter the return address to
    a suitable fragment in the original, unaltered executable
    (exec `/bin/sh`)

    -- Robert
  10. Archived from groups: comp.sys.ibm.pc.hardware.chips (More info?)

    On Mon, 19 Apr 2004 17:14:55 GMT, Jan Panteltje
    <pNaonStpealmtje@yahoo.com> wrote:
    >On a sunny day (Sun, 18 Apr 2004 18:01:10 -0400) it happened Tony Hill
    ><hilla_nospam_20@yahoo.ca> wrote in
    ><aoq580pcj5tvqde7kd6ht8ji13n9ktoh3j@4ax.com>:
    >
    >>So, is this like the processor serial number? Not exactly. The TCG
    >>technology has some potentially very useful technology while the
    >>Processor Serial Number did not. On the flip side, there are some
    >>potentially downsides to this TCG stuff, while the serial number was
    >>pretty much pointless.
    >But does it have some unique ID?

    My understanding is that yes, you can uniquely identify a PC by it's
    Trusted Computing Processor (or whatever the name of it is today).

    >Not that give a .... my IP address and ethernet Hwaddr already uniquely
    >ID me.
    >But this I KNOW, in my view users should be informed if they are traced.

    They should be, but aren't today. I don't think this Trusted
    Computing stuff is really going to change things much here, as you
    mentioned the ethernet MAC address is already unique as far as 99.9%
    of all users are concerned (yes, it can be changed, but virtually no
    one does change it). Similarly you can get a serial number from your
    hard drive to uniquely identify a PC, or you can go the Microsoft
    route and get a sort of hash of all the hardware in the system.

    The TCG stuff works in almost the exact same way as all of this, it
    just automates things a tiny bit more, ie the application just
    executes one bit of code specifically designed to get this information
    rather than pulling it out of a variety of sources.

    Note that this doesn't mean that web sites can secretly spy on you
    because of this. As long as your browser isn't COMPLETELY broken
    (read: as long as you are not running Internet Explorer with it's
    enormous multitude of security holes) it's not possible to execute
    arbitrary code like this just by viewing a web page. However if you
    install an app on your system it could well read the TCG number and
    report back to the app writer.

    -------------
    Tony Hill
    hilla <underscore> 20 <at> yahoo <dot> ca
  11. Archived from groups: comp.sys.ibm.pc.hardware.chips (More info?)

    "Tony Hill" <hilla_nospam_20@yahoo.ca> wrote in message
    news:1ft6805u0mchvqbk69fkik41denbvgkm4v@4ax.com...
    > It's not really possible to eliminate buffer overruns in hardware,
    > just to limit the amount of damage that can be caused when a buffer
    > overrun occurs. With the non-executable memory pages that AMD has in
    > their x86-64 chips a buffer overrun tends to just become a DoS attack
    > instead of a remote exploit. Definitely an improvement, but by no
    > means a surefire fix, and it is still possible (though somewhat
    > difficult) to get a remote exploit with a buffer overrun, even with
    > non-executable pages.

    I've said it before, and I'll say it again. If these OS designers had just
    implemented the Intel segmentation mechanisms to separate out code from data
    and the stack, this stuff would've never ever happened.

    Yousuf Khan
  12. Archived from groups: comp.sys.ibm.pc.hardware.chips (More info?)

    On a sunny day (Tue, 20 Apr 2004 03:59:05 -0400) it happened Tony Hill
    <hilla_nospam_20@yahoo.ca> wrote in
    <9pf980dqa002h641n6p8ffe17diqvmv8h5@4ax.com>:

    >On Mon, 19 Apr 2004 17:14:55 GMT, Jan Panteltje
    ><pNaonStpealmtje@yahoo.com> wrote:
    >>On a sunny day (Sun, 18 Apr 2004 18:01:10 -0400) it happened Tony Hill
    >><hilla_nospam_20@yahoo.ca> wrote in
    >><aoq580pcj5tvqde7kd6ht8ji13n9ktoh3j@4ax.com>:
    >>
    >>>So, is this like the processor serial number? Not exactly. The TCG
    >>>technology has some potentially very useful technology while the
    >>>Processor Serial Number did not. On the flip side, there are some
    >>>potentially downsides to this TCG stuff, while the serial number was
    >>>pretty much pointless.
    >>But does it have some unique ID?
    >
    >My understanding is that yes, you can uniquely identify a PC by it's
    >Trusted Computing Processor (or whatever the name of it is today).
    >
    >>Not that give a .... my IP address and ethernet Hwaddr already uniquely
    >>ID me.
    >>But this I KNOW, in my view users should be informed if they are traced.
    >
    >They should be, but aren't today. I don't think this Trusted
    >Computing stuff is really going to change things much here, as you
    >mentioned the ethernet MAC address is already unique as far as 99.9%
    >of all users are concerned (yes, it can be changed, but virtually no
    >one does change it). Similarly you can get a serial number from your
    >hard drive to uniquely identify a PC, or you can go the Microsoft
    >route and get a sort of hash of all the hardware in the system.
    >
    >The TCG stuff works in almost the exact same way as all of this, it
    >just automates things a tiny bit more, ie the application just
    >executes one bit of code specifically designed to get this information
    >rather than pulling it out of a variety of sources.
    >
    >Note that this doesn't mean that web sites can secretly spy on you
    >because of this. As long as your browser isn't COMPLETELY broken
    >(read: as long as you are not running Internet Explorer with it's
    >enormous multitude of security holes) it's not possible to execute
    >arbitrary code like this just by viewing a web page. However if you
    >install an app on your system it could well read the TCG number and
    >report back to the app writer.
    What really worries me about all this, is that your PC will possibly
    become just a terminal to a MS authentication server (or the States
    or whatever regulating authority), where they will be able to deny
    even net-access if you do not run THEIR software and hardware.
    OR, force you to upgrade.
    Something like customer binding.. but then with a big lead ball on your
    foot.
    Absolutely these systems should NOT be part of a processor, and given a
    choice I would buy from the competition.
    Not only that, it is technically very possible to have some logic in
    the mobo chipset that stores keyboard strokes, and sends these over the
    net upon request to some NSA(for example) URL.
    With only 2 processor manufacturers and just a few chipset makers, this
    is a real danger.
    It would become a real disaster if the system was hacked, as every bodies
    secrets would be out.
    We should really do whatever we can both technically and politically to
    avoid such a system becoming a reality.
    I do not want to give up my computing to some big corporation, MS, or a
    state controlled by it.
    I do not want to see Linux killed by it (and that included IBM too) by
    having a system that lets only 'authenticated' PCs connect to the net.
    the servers will of cause be the next target from that group, and once
    they get their hands on the servers, or routers even, they can do what
    they want.
    IF laws need making, let us start giving food to the lawyers by having them
    look at protection of free Internet traffic, independent of system, country,
    OS, and everything else.
    JP
  13. Archived from groups: comp.sys.ibm.pc.hardware.chips (More info?)

    On Tue, 20 Apr 2004 19:42:04 GMT, Jan Panteltje
    <pNaonStpealmtje@yahoo.com> wrote:

    >What really worries me about all this, is that your PC will possibly
    >become just a terminal to a MS authentication server (or the States
    >or whatever regulating authority), where they will be able to deny
    >even net-access if you do not run THEIR software and hardware.

    <snipped>

    >having a system that lets only 'authenticated' PCs connect to the net.
    >the servers will of cause be the next target from that group, and once
    >they get their hands on the servers, or routers even, they can do what
    >they want.

    Oh yes, this is precisely the worry. Once a standardized system is in
    place, with the mass market volume of x86 consumer system, it would be
    an easy, logical next step for them to start implementing surveillance
    and control systems into the internet structure.

    From then on, forget about free speech and all that nonsense.

    --
    L.Angel: I'm looking for web design work.
    If you need basic to med complexity webpages at affordable rates, email me :)
    Standard HTML, SHTML, MySQL + PHP or ASP, Javascript.
    If you really want, FrontPage & DreamWeaver too.
    But keep in mind you pay extra bandwidth for their bloated code
  14. Archived from groups: comp.sys.ibm.pc.hardware.chips (More info?)

    a?n?g?e?l@lovergirl.lrigrevol.moc.com (The little lost angel) wrote
    :

    > .... it
    > would be an easy, logical next step for them to start implementing
    > surveillance and control systems into the internet structure.

    uhm .. carnivore :/


    Pozdrawiam.
    --
    RusH //
    http://pulse.pdi.net/~rush/qv30/
    Like ninjas, true hackers are shrouded in secrecy and mystery.
    You may never know -- UNTIL IT'S TOO LATE.
  15. Archived from groups: comp.sys.ibm.pc.hardware.chips (More info?)

    On Tue, 20 Apr 2004 19:42:04 GMT, Jan Panteltje
    <pNaonStpealmtje@yahoo.com> wrote:
    >On a sunny day (Tue, 20 Apr 2004 03:59:05 -0400) it happened Tony Hill
    ><hilla_nospam_20@yahoo.ca> wrote in
    ><9pf980dqa002h641n6p8ffe17diqvmv8h5@4ax.com>:
    >>Note that this doesn't mean that web sites can secretly spy on you
    >>because of this. As long as your browser isn't COMPLETELY broken
    >>(read: as long as you are not running Internet Explorer with it's
    >>enormous multitude of security holes) it's not possible to execute
    >>arbitrary code like this just by viewing a web page. However if you
    >>install an app on your system it could well read the TCG number and
    >>report back to the app writer.
    >What really worries me about all this, is that your PC will possibly
    >become just a terminal to a MS authentication server (or the States
    >or whatever regulating authority), where they will be able to deny
    >even net-access if you do not run THEIR software and hardware.
    >OR, force you to upgrade.

    That is a VERY big jump from what the TCG group in implementing.
    There is absolutely NO WAY for the current TCG stuff to ever do what
    you're talking about, it would have to be a SIGNIFICANTLY different
    technology. Now, will one thing lead to the other? Well that's
    another question...

    >Something like customer binding.. but then with a big lead ball on your
    >foot.
    >Absolutely these systems should NOT be part of a processor, and given a
    >choice I would buy from the competition.
    >Not only that, it is technically very possible to have some logic in
    >the mobo chipset that stores keyboard strokes, and sends these over the
    >net upon request to some NSA(for example) URL.

    You do, of course, realize that this could happen right now with
    spyware applications. Implementing it in hardware would still require
    software support (drivers at least), ie you would need spyware
    installed regardless of what hardware you had. If this has to be
    supported in the operating system anyway, why would someone bother
    with trying to stick this on hardware? It would be much easier and
    cheaper just to do it all in software.

    >With only 2 processor manufacturers and just a few chipset makers, this
    >is a real danger.

    A bigger danger is that there is only one main operating system
    vendor. As mentioned above, you need the OS to do this regardless of
    any hardware backend.

    >I do not want to see Linux killed by it (and that included IBM too) by
    >having a system that lets only 'authenticated' PCs connect to the net.

    I somehow don't see this happening. It's not in anyone's interest
    other than Microsoft to allow this, and while Microsoft has a lot of
    power in the PC industry, they don't have THAT much power.
    Particularly companies like IBM, HP, Dell, Intel and AMD would all
    gang up against such a plan.

    -------------
    Tony Hill
    hilla <underscore> 20 <at> yahoo <dot> ca
  16. Archived from groups: comp.sys.ibm.pc.hardware.chips (More info?)

    On Wed, 21 Apr 2004 05:55:50 +0000 (UTC), RusH <rush@pulse.pdi.net>
    wrote:

    >a?n?g?e?l@lovergirl.lrigrevol.moc.com (The little lost angel) wrote
    >> .... it
    >> would be an easy, logical next step for them to start implementing
    >> surveillance and control systems into the internet structure.
    >
    >uhm .. carnivore :/

    Is that thing still around, are they really using it already?

    --
    L.Angel: I'm looking for web design work.
    If you need basic to med complexity webpages at affordable rates, email me :)
    Standard HTML, SHTML, MySQL + PHP or ASP, Javascript.
    If you really want, FrontPage & DreamWeaver too.
    But keep in mind you pay extra bandwidth for their bloated code
  17. Archived from groups: comp.sys.ibm.pc.hardware.chips (More info?)

    a?n?g?e?l@lovergirl.lrigrevol.moc.com (The little lost angel) wrote :

    > On Wed, 21 Apr 2004 05:55:50 +0000 (UTC), RusH <rush@pulse.pdi.net>
    > wrote:
    >
    >>a?n?g?e?l@lovergirl.lrigrevol.moc.com (The little lost angel) wrote
    >>> .... it
    >>> would be an easy, logical next step for them to start implementing
    >>> surveillance and control systems into the internet structure.
    >>
    >>uhm .. carnivore :/
    >
    > Is that thing still around, are they really using it already?

    http://stopcarnivore.org/

    Pozdrawiam.
    --
    RusH //
    http://pulse.pdi.net/~rush/qv30/
    Like ninjas, true hackers are shrouded in secrecy and mystery.
    You may never know -- UNTIL IT'S TOO LATE.
  18. Archived from groups: comp.sys.ibm.pc.hardware.chips (More info?)

    On a sunny day (Wed, 21 Apr 2004 17:49:03 -0400) it happened Tony Hill
    <hilla_nospam_20@yahoo.ca> wrote in
    <q7pd801apg0k4j64913tj9vs3ldk3f3eqi@4ax.com>:

    >You do, of course, realize that this could happen right now with
    >spyware applications. Implementing it in hardware would still require
    >software support (drivers at least),
    You make some good points, and I hope you are right.
    But implementing in hardware in the chipset would need no software or OS
    or anything else at all, hardware buffer for the keystrokes, compare
    incoming request in on board ethernet versus (encrypted likely) Hwaddr
    send to (encryped) url, be done, OS would not know.
    Sort of the ultimate backdoor, right there on the mobo :-)
    If it can be done it will be done.
    Maybe by a Dr Strangelove, or some group with power in the gov, like that
    Homeland group...
    If you were in their position, well I would press for it to be implemented.
    Fun times as always.
    JP
  19. Archived from groups: comp.sys.ibm.pc.hardware.chips (More info?)

    On Wed, 21 Apr 2004 22:21:05 GMT, Jan Panteltje <pNaonStpealmtje@yahoo.com>
    wrote:

    >On a sunny day (Wed, 21 Apr 2004 17:49:03 -0400) it happened Tony Hill
    ><hilla_nospam_20@yahoo.ca> wrote in
    ><q7pd801apg0k4j64913tj9vs3ldk3f3eqi@4ax.com>:
    >
    >>You do, of course, realize that this could happen right now with
    >>spyware applications. Implementing it in hardware would still require
    >>software support (drivers at least),
    >You make some good points, and I hope you are right.
    >But implementing in hardware in the chipset would need no software or OS
    >or anything else at all, hardware buffer for the keystrokes, compare
    >incoming request in on board ethernet versus (encrypted likely) Hwaddr
    >send to (encryped) url, be done, OS would not know.
    >Sort of the ultimate backdoor, right there on the mobo :-)
    >If it can be done it will be done.
    >Maybe by a Dr Strangelove, or some group with power in the gov, like that
    >Homeland group...
    >If you were in their position, well I would press for it to be implemented.
    >Fun times as always.

    Yep - I think the point is that "they" don't take all your rights away in
    one fell swoop. Nibble by nibble and bit by bit... one day you "suddenly"
    find out that you have been disenfranchised, but that last nibble was only
    a little one.

    Rgds, George Macdonald

    "Just because they're paranoid doesn't mean you're not psychotic" - Who, me??
  20. Archived from groups: comp.sys.ibm.pc.hardware.chips (More info?)

    On Wed, 21 Apr 2004 22:21:05 GMT, Jan Panteltje
    <pNaonStpealmtje@yahoo.com> wrote:
    >On a sunny day (Wed, 21 Apr 2004 17:49:03 -0400) it happened Tony Hill
    ><hilla_nospam_20@yahoo.ca> wrote in
    ><q7pd801apg0k4j64913tj9vs3ldk3f3eqi@4ax.com>:
    >
    >>You do, of course, realize that this could happen right now with
    >>spyware applications. Implementing it in hardware would still require
    >>software support (drivers at least),
    >You make some good points, and I hope you are right.
    >But implementing in hardware in the chipset would need no software or OS
    >or anything else at all, hardware buffer for the keystrokes, compare
    >incoming request in on board ethernet versus (encrypted likely) Hwaddr
    >send to (encryped) url, be done, OS would not know.
    >Sort of the ultimate backdoor, right there on the mobo :-)

    You're talking about involving the firmware of a motherboard to
    reprogram the motherboard chipset and NIC chip, all of which are made
    by dozens of different companies. This would be damn near impossible
    to get functioning outside of single test-cases (change any one of the
    above and it all breaks) and would cause all sorts of random other
    problems, all for something that would be TOTALLY rejected by
    everyone, and they DO have a choice here?

    >If it can be done it will be done.

    If something it unwanted by the vast majority of people, can be
    avoided VERY easily (by replacing any of the three components
    mentioned above), is mostly out of the control of any one company or
    country... all the while there is a MUCH easier solution that is
    entirely implemented by ONE company (Microsoft)?

    >Maybe by a Dr Strangelove, or some group with power in the gov, like that
    >Homeland group...
    >If you were in their position, well I would press for it to be implemented.

    They can press all they want, but it's not going to do a like of good
    to convince some Taiwanese motherboard makers to spend billions of
    dollars implementing something that their customers are going to hate!

    I think your fears here are rather misdirected. What we should be
    worried about is the fact that Microsoft could do this all on their
    own with NO trouble at all and it would be very difficult to detect
    without a network sniffer. Hell, even a decent spyware app could be
    sent out, possibly as a worm, by the DOBH (Dept. of Black Helicopters)
    and 95%+ of users would never notice it.

    -------------
    Tony Hill
    hilla <underscore> 20 <at> yahoo <dot> ca
Ask a new question

Read More

CPUs Intel Processors