My collegaue Seth Schoen has written an audacious article for Linux Journal in which he calls on the architects of "Trusted Computing" [TCPA|TCG|Palladium|NGSCB] systems -- which ostensibly solve some of the Internet's security problems by adding cryptographicallly secured tamper-detection to the hardware of the commodity PC -- to add a feature that he calls "Owner Override."
Trusted Computing proposals have drawn fire as tools for lock-in and other anti-competitive strategies; Seth's Owner Override allows the owner of a computer to override the Trusted Computing security when it is in her own interest.
For example, you could use Owner Override to tell a "lie" to your bank, which insists that you use Microsoft Internet Explorer to access its website, and convince the bank's webserver that your copy of Opera or Safari or Mozilla is really Internet Explorer. This is possible (even routine) today, but in a Trusted Computing universe, it will be impossible, modulo Owner Override.
Fortunately, this problem is fixable. TCG should empower computer owners to override attestations deliberately to defeat policies of which they disapprove. Giving the owner this choice preserves an essential part of the status quo: third parties can never know for sure what's running on your PC. TCG already defines a platform owner concept. The TCG specification also should provide for a facility by which the platform owner, when physically present, can force the TPM chip to generate an attestation as if the Platform Configuration Registers (PCRs) contained values of the owner's choice instead of their actual values.
APIs and a clear user interface for the override mechanism could be specified by an appropriate TCG committee. Only the platform owner should be able to do this; whenever a machine provides an inaccurate attestation, it does so for what its owner considered an appropriate reason. This change would do nothing to undermine the basic security benefits of the TCPA hardware, including those outlined in the Safford article; you still could tell whether your computer had been altered.
This gadget does exactly as promised: it looks like a thumbdrive (sort of) and fries the circuitry of any computer it’s plugged into. It’s made from camera flash parts, is charged with a standard AA battery, and delivers a 300V zap of DC destruction to the port for all your USB-murdering needs. Note that this […]
The Cobham catalog, exposed by The Intercept, features countless pages of surveillance gadgets sold to U.S. police to spy on American citizens: tiny black boxes with a big interest in you. In the creepily bland feature lists and nerdy product names is a whisper of a dark future; perhaps darker than anyone can imagine.
This image depicts the most commonly-found stylesheet colors on the web’s top sites—Paul Hebert did an amazing amount of analysis and this is just one of the intriguing visualizations he came up with. Most of these are obvious staples, especially HTML red and blue, though it’s interesting how far the blue “cluster” is from the […]
These days, there’s definitely no shortage of touchscreen gloves available, but the key is finding ones that consistently work well. These iGloves Touchscreen Gloves are super reliable, and are on sale for just $11.99.Super comfortable and functional, these gloves will keep your hands warm and still let you use any touchscreen, from phones to tablets. The iGloves’ […]
The Black Friday Mac Bundle 2.0 is one of the Boing Boing Store’s best-selling Mac bundles yet, and it’s about to come to an end. If you don’t get your copy now, here’s what you’ll be missing:This bundle comes packing 9 top-rated Mac apps in one package, at the hugely discounted price of just $23.99. […]
The Boing Boing Store’s Gift Guide is full of ideas for pretty much anyone in your life like hipster ice cub trays, Xbox controllers, Halo Boards, and even diamond necklaces. As always, all products in the Boing Boing Store come at great discounts, too. Shop by price bucket starting at under $20. Under $20:Bloxx Jumbo Ice Trays […]