Lennart: Linux Comes Up Short Around Disk Encryption, Authenticated Boot Security
Originally posted by krzyzowiec:
No, you cannot change the EK. It is written into the hardware at the time of its manufacture. If you could change it, that would undermine the whole point of a TPM. There are other ways you can identify someone, but again those are all software. So I can defeat fingerprinting by using a common user agent. I can avoid Microsoft by installing Linux. With a TPM there is literally nothing I can do except change hardware. I remember how upset people were when Fedora talked about creating a unique identifier just for tracking the number of individual users they had, or something like that, but this is much worse.
Changing the EK does not undermine the whole point of TPM since the whole point of TPM is not to identify the chip but to allow the owner to put keys into it that you cannot get back out again so that you can store a private key and then let TPM encrypt data with that private key so that you later can decrypt it using the public key. Changing or clearing the EK would simply mean that you lost access to all those other keys stored on the chip.
There are books that at least claim that you can change the EK to your own value, and apparently Windows has tools for this: https://books.google.se/books?id=F69...e%20ek&f=false
Originally posted by F.Ultra:
Changing the EK does not undermine the whole point of TPM since the whole point of TPM is not to identify the chip but to allow the owner to put keys into it that you cannot get back out again so that you can store a private key and then let TPM encrypt data with that private key so that you later can decrypt it using the public key. Changing or clearing the EK would simply mean that you lost access to all those other keys stored on the chip.
Would be nice if Linux would provide a WebAuthn/U2F platform authenticator backed by TPM like: https://github.com/psanford/tpm-fido
Originally posted by birdie:
Windows 10 with "spying" has been around for over 6 years. No one has been able to show how it's leaking data left and right. Perhaps tildearrow wants to believe that Windows is spying but for some reason he's saying that as if it's a fact instead of his belief.
I'm glad Michael no longer allows you to moderate because for that you're lacking some crucial traits like critical thinking and adherence to proven facts instead of "I've heard something it must be true".
* Frequent pings to MS servers with installation GUID + IP address
* By default, hashes of launched executables
* terms typed into start menu (for bing search function)
* An all-interface DNS strategy that could frequently leak DNS queries off of unencrypted interfaces
And much more. Some of this can be disabled, but the pingbacks cannot and are sufficient on their own to trivially unmask e.g. a dissident using a Swiss-based VPN. All a nation-state needs is to subpoena Microsoft for a few bits of information: the GUID associated with the VPN-based actor, all other IPs associated with that GUID, and timestamps for when those connections occurred. You can then trivially determine the pre-VPN IP address + timestamp, which is enough to go to the in-country ISP and demand identity information.
This is without even getting into the issues with the file hash submission (check if user is using HASH(tor.exe)) or DNS leaks (makes poisoning responses easy!).
Maybe "spying" is the wrong term; maybe it's better phrased as enabling spying, because they can certainly do that. Microsoft has baked in even more juicy capabilities, like the ability to serve custom updates to particular cohorts of Windows installations. It's not like China would ever coerce a vendor into pushing custom keyword detection lists to client software, right?
Originally posted by ll1025:
This is somewhat late to the party but I want to respond here. I did some network analysis with fiddler back when Win10 came out and one of the things that stuck out was how much data was leaking:
* Frequent pings to MS servers with installation GUID + IP address
* By default, hashes of launched executables
* terms typed into start menu (for bing search function)
* An all-interface DNS strategy that could frequently leak DNS queries off of unencrypted interfaces
And much more. Some of this can be disabled, but the pingbacks cannot and are sufficient on their own to trivially unmask e.g. a dissident using a Swiss-based VPN. All a nation-state needs is to subpoena Microsoft for a few bits of information: the GUID associated with the VPN-based actor, all other IPs associated with that GUID, and timestamps for when those connections occurred. You can then trivially determine the pre-VPN IP address + timestamp, which is enough to go to the in-country ISP and demand identity information.
This is without even getting into the issues with the file hash submission (check if user is using HASH(tor.exe)) or DNS leaks (makes poisoning responses easy!).
Maybe "spying" is the wrong term; maybe it's better phrased as enabling spying, because they can certainly do that. Microsoft has baked in even more juicy capabilities, like the ability to serve custom updates to particular cohorts of Windows installations. It's not like China would ever coerce a vendor into pushing custom keyword detection lists to client software, right?
And half of what you've shown Firefox does out of the box.
Originally posted by birdie:
I'm glad you've replied. Now tell me honestly, which parts of these are private user's files, contacts, visited URLs? Nothing? Speaking of sending the hashes of launched executables - many AV solutions do exactly that, and no one is screaming that they are all spying on the user.
And half of what you've shown Firefox does out of the box.
If you're not understanding why that is a risk, consider a dissident who has come into possession of a known document, perhaps a democratic manifesto in a repressive country. That file has a known hash, and the government can trivially ask Microsoft for who has that file, has opened it, what all of their known IPs are, what their username is, and what their installation ID is.
Or perhaps they just ask Microsoft for that information for all users known to run the hash of Tor.
Why is it different than e.g. antivirus vendors? Because in many cases you cannot turn off these features in Windows, nor are they advertised. Most AV vendors advertise the cloud aspects of their products.
And no, Firefox does not do these things. I'm assuming you're referring to SafeBrowsing, which uses partial hashes and local lists to protect privacy. The exposure is also drastically different, because Firefox does not need to care if it is served with a Chinese government order.
I'm considering doing another analysis to see what has changed now, but I do know that Windows 11 all but forces the use of a Microsoft account which defaults to placing your documents in OneDrive (where they do in fact get your documents, contacts, URLs, etc).
EDIT: I did some more digging. It's moot now, since casual analysis with Fiddler + GlassWire shows that Microsoft is now bypassing proxies for their phone-home bits (such as used by Fiddler for analysis) and I suspect that they're also using pinned certificates, which would make it impossible to see what they're doing via network inspection. It may be possible to develop a driver that could grab the pre-encryption traffic, but that's outside of my ability and frankly it should be alarming that they were grabbing so much before locking it down.
Last edited by ll1025; 06 December 2021, 12:28 PM.
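As an added illustration (not code from anyone in this thread, and not Microsoft's or Mozilla's actual protocol), the model below contrasts the two designs ll1025 is arguing about: a service that receives the full hash of every file a client opens, versus a partial-hash scheme where the client first consults a locally cached prefix list and sends only a 4-byte prefix, so the server never learns which exact file was checked. The flagged list, the file contents and the 4-byte prefix length are constructed assumptions for this model.

```python
import hashlib
from typing import Dict, List, Set

PREFIX_HEX = 8  # 4-byte prefix written as 8 hex chars (assumed for this model)

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed stand-in for a vendor's cloud list of "flagged" documents.
FLAGGED_DOCS = [b"constructed flagged document #%d" % i for i in range(50)]
FLAGGED_HASHES = {sha256_hex(d) for d in FLAGGED_DOCS}

class FullHashServer:
    """Service that is sent the full hash of every opened file."""
    def __init__(self, flagged: Set[str]) -> None:
        self.flagged = set(flagged)
        self.observed: List[str] = []      # everything the server learns
    def check(self, full_hash: str) -> bool:
        self.observed.append(full_hash)    # exact file identity is now server-side
        return full_hash in self.flagged

class PrefixServer:
    """Partial-hash service: only a short prefix ever leaves the client."""
    def __init__(self, flagged: Set[str]) -> None:
        self.by_prefix: Dict[str, List[str]] = {}
        for h in flagged:
            self.by_prefix.setdefault(h[:PREFIX_HEX], []).append(h)
        self.observed: List[str] = []      # prefixes the server learns
    def local_prefix_list(self) -> Set[str]:
        return set(self.by_prefix)         # what the client caches locally
    def lookup(self, prefix: str) -> List[str]:
        self.observed.append(prefix)
        return list(self.by_prefix.get(prefix, []))

def full_hash_check(server: FullHashServer, file_bytes: bytes) -> bool:
    return server.check(sha256_hex(file_bytes))

def prefix_check(server: PrefixServer, local_prefixes: Set[str],
                 file_bytes: bytes) -> bool:
    h = sha256_hex(file_bytes)
    if h[:PREFIX_HEX] not in local_prefixes:
        return False                       # no network round-trip at all
    # Only on a local prefix hit is the prefix sent; the final match is local.
    return h in server.lookup(h[:PREFIX_HEX])
```

The point of the model is the contents of each server's `observed` list: the full-hash service learns the exact hash of a private file that was never on any list, while the prefix service sees nothing for that file and, for a listed file, only a prefix shared by roughly 2^224 possible SHA-256 values.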