02.18.10
Microsoft’s General Manager of ‘Trustworthy’ Computing Quits as TPM Gets Cracked
Summary: More cornerstones of Microsoft’s lock-in break apart and Outlook too is suffering from serious issues
DEPARTURES from Microsoft carry on as the company is failing [1, 2, 3, 4]. The latest Microsoft manager to jump ship will add to Amazon poison (many former Microsoft executives are moving there, e.g. [1, 2]), but the most interesting detail was his professional focus at Microsoft:
Microsoft has lost another key employee to Amazon.com. George Stathakopoulos, a computer security expert who’d been with Microsoft for nearly two decades, took a job at Amazon, Microsoft spokesman Lou Gellos confirmed. Stathakopoulos was general manager of the Trustworthy Computing Group at Microsoft and was front and center in Microsoft’s efforts to combat the Conficker worm last year.
“Trustworthy Computing Group,” eh? What an Orwellian title/name for the group.
For those who have not heard yet, Microsoft’s Xbox DRM is going down the loo. Here is one report about the subject (published yesterday):
Hardware hacker Christopher Tarnovsky just wanted to break Microsoft’s grip on peripherals for its Xbox 360 game console. In the process, he cracked one of the most heavily fortified chips ever put into a consumer device.
[...]
Its genesis came when Tarnovsky learned that manufacturers of video game controllers had to obtain a license from Microsoft for the peripherals to work on the Xbox 360. The requirement offended his sense of fair play, so he put his reverse engineering muscle to breaking it.
“I was very surprised they would put a security chip in a wired controller, as well as a wireless controller,” he said. “It’s very monopolistic what they’ve done. They have a right to do it, but I have a right to break it too.”
[...]
Using the tungsten as microscopic bridges, Tarnovsky said, he can digitally clone chips used to prevent piracy of satellite TV service, to disable unauthorized cartridges in printers – or to make Xbox game controllers.
“You could counterfeit this chip,” he said, although he stressed he had no plans to use the hack for illegal purposes.
One of our readers “thought that the boot sequence in WinTEL hardware was restricted such that unauthorised software couldn’t get on to it,” according to mail he sent us last night regarding TPM getting cracked. He adds: “Remember how dual-boot couldn’t work anymore if Bitlocker was active? It’s called Trusted Platform Module (TPM) and utilised a ‘trusted boot pathway’. Why isn’t the big story that TPM is broken?”
Well, actually, is it being reported and circulated more widely while we write this. Attempts to put TPM in Linux will hopefully fail too; it’s a case of security as lock-in, to use the words of Bill Gates. Our Linux DRM warnings go a while back as it's a curse, not a feature or a blessing. There is a similarity here.
For those who think that Microsoft DRM/TPM is the only thing breaking today, here is another one to have a field day with:
Outlook bug creates monster e-mail files
Microsoft is trying to fix a bug in the e-mail program Outlook 2010 Beta that creates unusually large e-mail files that take up too much space.
They just cannot implement things properly, can they? They also ignore mail storage standards, which helps not at all. █
Yuhong Bao said,
February 18, 2010 at 9:31 pm
““Trustworthy Computing Group,” eh? What an Orwellian title/name for the group.”
Don’t confuse Trustworthy Computing with Trusted Computing, only the latter is Orwellian.
Roy Schestowitz Reply:
February 18th, 2010 at 9:50 pm
There is nothing “Trustworthy” about Windows.
And by the way, there is no confusion. I didn’t blend TPM with DRM (which also can relate to Tivoization) and the “Trustworthy Computing Group”.
your_friend Reply:
February 18th, 2010 at 11:59 pm
There is nothing trustworthy about any non free software.
Have you seen this developing scandal, where a US school system used school issued laptop cameras to spy on grade school students? Remember the , in Lenovo/TPM roll out NSW and other school systems [2]? Look at the same bogus excuses and language that inverts the trust relationship and makes the child the untrustworthy criminal to be monitored. If ever there was a good case against non free software and TPM, this is it.
This is the future non free software companies want for us and why they killed the OLPC program. Instead of a roll out of millions of cheap, free software devices that encourage sharing and real learning, we see expensive deployments of user hostile software that’s not even well suited for corporate cube. Sharing eliminates the power of incumbent publishers and telco companies, so they hate your freedom.
Roy Schestowitz Reply:
February 19th, 2010 at 5:08 am
I didn’t know about Blake J. Robbins v. Lower Merion School District. Thanks for that.
Yuhong Bao said,
February 18, 2010 at 10:00 pm
“he sent us last night regarding TPM getting cracked. ”
Last words point to an article unrelated to TPM.
Roy Schestowitz Reply:
February 18th, 2010 at 10:03 pm
Here are some better links from the news (our reader sent a rootkit case):
http://www.h-online.com/security/news/item/Hacker-extracts-crypto-key-from-TPM-chip-927077.html
http://www.bit-tech.net/news/bits/2010/02/10/tpm-security-cracked-wide-open/1
http://www.theinquirer.net/inquirer/news/1591069/ex-army-bloke-us-ready-cyber-war
http://www.google.com/hostednews/ap/article/ALeqM5j-OodvoFRhEcpfvnK5C7YL6JWJBQD9DO79A81
Yuhong Bao Reply:
February 18th, 2010 at 10:05 pm
Thank you, one of these is what the link should have been pointing to.
Roy Schestowitz Reply:
February 18th, 2010 at 10:06 pm
Well, thanks a lot for spotting this.