Breaking News
Comments
Newest First | Oldest First | Threaded View
MeirG
User Rank
Author
re: Turning cyber security on its head
MeirG   10/4/2012 4:48:58 PM
NO RATINGS
And how can I be sure that the ostensibly bit9 site is? Its Identity could be stolen too, can't it?

MindTech
User Rank
Author
re: Turning cyber security on its head
MindTech   10/4/2012 3:47:00 PM
NO RATINGS
I like the idea of trust-based security. But at some point I still have to be able to say that I trust a program. Under something like Bit9's solution, if I find a new piece of software (say open source) do I have to wait until someone on their end can whitelist it before I can run it? As for self-signed, all they would have to do is establish a way for clients to get temporary certificates that their system would allow. Still, it all comes down to who has the final say in what is trusted: me, my OS, my hardware, or my security software.

przemek0
User Rank
Author
re: Turning cyber security on its head
przemek0   10/3/2012 5:48:50 PM
NO RATINGS
So there's been this concept of signed code: executables are signed by their creator, who vouches for their safety, and the OS checks that the creator is who they claim they are and that the executable has not been modified. Microsoft implemented this because they had a horrible problem with third party software and drivers; they required it for drivers for years, but didn't make it mandatory for user executables. Bit9 could use this infrastructure by re-signing the executables they deem to be safe; I suspect that they instead built their own implementation. Unfortunately the article doesn't mention which platforms are covered: I assume Wintel and PCs, but they could also be targeting smartphones. Signed code is coming our way: the new EFI BIOS requires signing of BIOS images, and of the boot loader---this is required by the new Windows 8 hardware spec from Microsoft. I am apprehensive whether this is a good idea all the way through: it essentially gives the control over what software one can install and use to the signing entities. I hope that all such schemes allow self-signing of home-made executables.



Datasheets.com Parts Search

185 million searchable parts
(please enter a part number or hit search to begin)
Radio
LATEST ARCHIVED BROADCAST

What are the engineering and design challenges in creating successful IoT devices? These devices are usually small, resource-constrained electronics designed to sense, collect, send, and/or interpret data. Some of the devices need to be smart enough to act upon data in real time, 24/7. Specifically the guests will discuss sensors, security, and lessons from IoT deployments.

Brought to you by:

Like Us on Facebook
Special Video Section
In this short video we show an LED light demo to ...
02:46
Wireless Power enables applications where it is difficult ...
07:41
LEDs are being used in current luxury model automotive ...
With design sizes expected to increase by 5X through 2020, ...
01:48
Linear Technology’s LT8330 and LT8331, two Low Quiescent ...
The quality and reliability of Mill-Max's two-piece ...
LED lighting is an important feature in today’s and future ...
05:27
The LT8602 has two high voltage buck regulators with an ...
05:18
Silego Technology’s highly versatile Mixed-signal GreenPAK ...
The quality and reliability of Mill-Max's two-piece ...
01:34
Why the multicopter? It has every thing in it. 58 of ...
Security is important in all parts of the IoT chain, ...
Infineon explains their philosophy and why the multicopter ...
The LTC4282 Hot SwapTM controller allows a board to be ...
This video highlights the Zynq® UltraScale+™ MPSoC, and sho...
Homeowners may soon be able to store the energy generated ...
The LTC®6363 is a low power, low noise, fully differential ...
See the Virtex® UltraScale+™ FPGA with 32.75G backplane ...
Vincent Ching, applications engineer at Avago Technologies, ...
The LT®6375 is a unity-gain difference amplifier which ...