Conversation

Notices

1. lnxw48a1 (lnxw48a1@nu.federati.net)'s status on Saturday, 05-Dec-2020 14:42:34 EST lnxw48a1
   https://pluralistic.net/2020/12/05/trusting-trust/
   
   > WARNING WARNING WARNING WARNING
   
   > Security researchers are alarmed: the already-notorious Trickbot malware has been spottied probing infected computers to find out which version of UEFI they're running. This is read as evidence that Trickbot has figured out how to pull off a really scary feat.
   
   Source: https://mamot.fr/@pluralistic/105329139472008620
   
   #Security #UEFI #BIOS #TPM #Trusted-Computing
   
   CC: @mangeurdenuage @geniusmusing @musicman
   
   It's a long article, but well worth your time.
   1. GeniusMusing (geniusmusing@nu.federati.net)'s status on Saturday, 05-Dec-2020 15:46:21 EST GeniusMusing

      in reply to
      @lnxw48a1 @musicman @mangeurdenuage
      Meet the new boss, same as the old boss...
      
      What Google's Titan M chip means for Android security and ROMs
      https://www.androidauthority.com/titan-m-security-chip-915888/
      
      >snip
      >A closer look at the Titan M
      >
      >At its most basic level, Google’s Titan M is a standalone security focused chip that sits alongside the main processor. In the Pixel 3’s case, it’s paired up with the Qualcomm’s Snapdragon 845. The chip’s primary function is to verify the boot conditions for starting up Android, ensuring that it hasn’t been tampered with at a low level. The Titan M verifies the signature of its flash-based firmware using a public key built into the chip’s silicon.
      >end snip
      
      And maybe the next target?
      1. mangeurdenuage (mangeurdenuage@loadaverage.org)'s status on Saturday, 05-Dec-2020 21:13:29 EST mangeurdenuage

         in reply to
         @geniusmusing @lnxw48a1 @musicman
         >https://www.androidauthority.com/titan-m-security-chip-915888/
         What a load of bloat.
         Has said in the article that @lnxw48a1 shared as long as the trust model forces you to trust only one entity then you can't trust it.
         1. Bob Jonkman (bobjonkman@gs.jonkman.ca)'s status on Sunday, 06-Dec-2020 18:29:39 EST Bob Jonkman

            in reply to
            That article (from 2018!) is just like reading a dystopian #SciFi novel, all newspeak and doublethink: "The chip also supports the Android Strongbox Keymaster module, including Trusted User Presence and Protected Confirmation" https://www.androidauthority.com/titan-m-security-chip-915888/
   2. lnxw48a1 (lnxw48a1@nu.federati.net)'s status on Saturday, 05-Dec-2020 15:55:49 EST lnxw48a1

      in reply to
      Connecting some dots:
      
      https://loadaverage.org/conversation/14242507
      
      https://loadaverage.org/conversation/14242327
   3. mangeurdenuage (mangeurdenuage@loadaverage.org)'s status on Saturday, 05-Dec-2020 20:58:59 EST mangeurdenuage

      in reply to
      Thanks for sharing, it was a good lecture. I was aware of the problems, not about Trickbot tho.