
code.

Other articles


  1. FBI Harassment


    Obligatory Disclaimer: Personal or political views presented within this post absolutely do not reflect those of my employer(s), client(s), and/or legal counsel.

    In the final week of November 2015, a Special Agent from the Federal Bureau of Investigation, Mr. Mark Burnett, knocked on the door of my family’s home and left his card, with an additional phone number penciled in. All my family members residing in America had planned a week-long vacation and were all on a remote island. When the FBI receives DHS flight records as if they’re the morning paper, I must admit that whatever reasons for why the Bureau didn’t know that I or my family were absent escape me entirely.


  2. Using Intel SGX Enclaves in NFC-enabled TPM-based Local Attestation


    Previously, Matthew Garrett and I came up with a new idea for a method of local attestation. Local attestation here means: authenticating to the computer that the user possesses a valid hardware token and authenticating to the user that the computer is executing the intended code, and that said code has not been tampered with. The idea is to use some NFC-enabled “smart” wearable device, something trivially hideable on (or inside¹) one’s person in order to authenticate to the TPM, which then validates that the next stage of code to be executed, e.g. usually the kernel (ring 0) or the hypervisor (ring “-1”), has verifiable integrity. Matthew has a great 32c3 talk on TPM-based local attestation, and even briefly, towards the end of the video, mentions the NFC ideas.

    As an example use case, this would allow journalists² greater safety when crossing borders. Your laptop got taken away by the TLA at a border? Not such a problem; it simply doesn’t boot without you present. The TLA took your laptop into the back room to try to install some malware on it? No worries, because your laptop will refuse to boot the next time you try to do so (or it could signal in some other way that the system was compromised… however, refusing to decrypt the user’s hard drive is probably a bare minimum safety requirement, and refusing to boot at all is probably the safest).

    However, all of this places a great deal of trust in both the TPM device and its manufacturer…
