Bonum Certa Men Certa

Microsoft's General Manager of 'Trustworthy' Computing Quits as TPM Gets Cracked




Summary: More cornerstones of Microsoft's lock-in break apart and Outlook too is suffering from serious issues

DEPARTURES from Microsoft carry on as the company is failing [1, 2, 3, 4]. The latest Microsoft manager to jump ship will add to Amazon poison (many former Microsoft executives are moving there, e.g. [1, 2]), but the most interesting detail was his professional focus at Microsoft:



Microsoft has lost another key employee to Amazon.com. George Stathakopoulos, a computer security expert who'd been with Microsoft for nearly two decades, took a job at Amazon, Microsoft spokesman Lou Gellos confirmed. Stathakopoulos was general manager of the Trustworthy Computing Group at Microsoft and was front and center in Microsoft's efforts to combat the Conficker worm last year.


"Trustworthy Computing Group," eh? What an Orwellian title/name for the group.

For those who have not heard yet, Microsoft's Xbox DRM is going down the loo. Here is one report about the subject (published yesterday):

Hardware hacker Christopher Tarnovsky just wanted to break Microsoft's grip on peripherals for its Xbox 360 game console. In the process, he cracked one of the most heavily fortified chips ever put into a consumer device.

[...]

Its genesis came when Tarnovsky learned that manufacturers of video game controllers had to obtain a license from Microsoft for the peripherals to work on the Xbox 360. The requirement offended his sense of fair play, so he put his reverse engineering muscle to breaking it.

"I was very surprised they would put a security chip in a wired controller, as well as a wireless controller," he said. "It's very monopolistic what they've done. They have a right to do it, but I have a right to break it too."

[...]

Using the tungsten as microscopic bridges, Tarnovsky said, he can digitally clone chips used to prevent piracy of satellite TV service, to disable unauthorized cartridges in printers - or to make Xbox game controllers.

"You could counterfeit this chip," he said, although he stressed he had no plans to use the hack for illegal purposes.


One of our readers "thought that the boot sequence in WinTEL hardware was restricted such that unauthorised software couldn't get on to it," according to mail he sent us last night regarding TPM getting cracked. He adds: "Remember how dual-boot couldn't work anymore if Bitlocker was active? It's called Trusted Platform Module (TPM) and utilised a 'trusted boot pathway'. Why isn't the big story that TPM is broken?"

Well, actually, it is being reported and circulated more widely as we write this. Attempts to put TPM in Linux will hopefully fail too; it's a case of security as lock-in, to use the words of Bill Gates. Our warnings about DRM in Linux go back a while; it's a curse, not a feature or a blessing. There is a similarity here.

For those who think that Microsoft DRM/TPM is the only thing breaking today, here is another one to have a field day with:

Outlook bug creates monster e-mail files



Microsoft is trying to fix a bug in the e-mail program Outlook 2010 Beta that creates unusually large e-mail files that take up too much space.


They just cannot implement things properly, can they? They also ignore mail storage standards, which helps not at all.
