Dev.SN ♥ developers
Sections
Dev.SN
from the god-himself-could-not-sink-this-ship dept.
AnonTechie writes:
"Intel's Reliance Point is a research project with a daunting task - a leak-proof Big Data sharing solution for business collaboration.
The chipmaker, says The MIT Technology Review, 'thinks it has a way to let valuable data be combined and analyzed without endangering anyone's privacy. Its researchers are testing a super-secure data locker where a company could combine its sensitive data with that from another party without either side risking that raw information being seen or stolen.' The system's inner workings are based on a series of security checks, from the BIOS on up:
When the Reliance Point system boots up, a security chip is used to check that the BIOS, the lowest-level software on a computer that starts it up, hasn't been tampered with. The BIOS then makes its own checks before activating the next level of software, which in turn makes its own checks, a chain-like process that continues until the system is fully operational.
(Score: 5, Interesting) by VLM on Monday March 03 2014, @10:54AM
Luckily, in the history of computing, no one has ever cracked software protected by a hardware dongle.
Sounds easy enough to virtualize and crack. After all the article claims there will be billions of dollars of motivation, whereas teens used to do that kind of stuff for free just to play Donkey Kong ripoffs. I'm sure there's no one in .ru today who's pissed off at .us and willing to incidentally collect a couple billion bucks, nope, just gonna play xbox and post on 4chan all day I'm sure.
I bet there are interesting MITM implications.
The root problem is not only are you going to inevitably get busted for an expensive HIPPA violation, but you also spent huge amounts of money and effort on something that might have produced (intentionally?) inaccurate data for an unknown time after it was powned, and you don't know when that happened. So now you're out huge stacks of cash and have bad data. Awesome destination, better get out of the way of the stampede.
Also you've got a trust issue in a prisoners dilemma scenario where corporate mgmt is by definition uneducated psychopaths. What could possibly go wrong? I'd assume both companies would feed false information to each other and then broker out what they "learn". This may yet become the most elaborate and complicated random number generation algorithm ever conceived.
And don't forget you don't need to be utterly powned to have an infosec disaster. Just leak "enough". Target didn't lose every credit card ever used at any store... just enough of them to be an issue. Don't need to leak everything via this system, just "enough".
Would be nice to see something like HIPPA implemented for financial transactions. Lots of election donation funds standing in the way.
(Score: 2) by Grishnakh on Monday March 03 2014, @03:53PM
Luckily, in the history of computing, no one has ever cracked software protected by a hardware dongle.
This is wrong. Here's a couple of links:1 50109 [subsim.com]
http://www.subsim.com/radioroom/showthread.php?t=
http://www.woodmann.com/crackz/Dongles.htm [woodmann.com]