[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] possible to identify tor user via hardware DRM?



On Wed, 27 Jun 2012 14:18:13 -0400, Jerzy Åogiewa wrote:
> i was just reading about hardware DRM with intel chips and it look
> very bad for the future.
> 
> since big company like cisco sell out to governments around the world,
> why not intel also?
> 
> can these chips be used to spying and identifying people based on
> network data stream? who is doing research?
> 
> sorry if this is too OT...

I've actually been reading similar concerns (about hardware-based
tracking) on the FreedomBox list, and I have no basis for validating the
claims.  Wondering if anybody could shed some light on just how serious
these claims are and how they'd impact Tor users (or privacy generally)?
The mail seems full of generalizations, but the author seems genuine:

http://lists.alioth.debian.org/pipermail/freedombox-discuss/2012-June/004049.html

    "TPM has an universally unique identifier (UUID). In addition to its
    own visible UUID, TPM creates a composite UUID containing the serial
    numbers of other hardware such as the internal hard drive. Websites,
    government, IT administrators and hackers can see these UUIDs."

I can't actually tell if the author's claiming that these are
remotely-exploitable holes (i.e., across the Internet), or if local
access (physical access or at least wireless range) are required.

I could be misunderstanding, but some of his claims don't make a lot of
sense:

    "the PSN [Processor Serial Number] and/or TPM's UUID are visible
    offline. I cannot cite references on this.  I have been hacked
    offline, first by my wifi card and after I removed my wifi card and
    bluetooth card, by my PSN."

Cracked by your serial number?  Maybe he means "root-kitted by remotely
exploitable wireless card driver hole, which persisted despite removal
of wireless hardware?"  In that case, he's being terribly unclear.  I'd
also like to find out how he learned that his wireless card's
exploitable drivers were to blame.

Feel free to ignore this if it's too off topic and effectively hijacking
the original thread.

Nick

Attachment: pgpXwAZZracFi.pgp
Description: PGP signature

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk