[governance] Verisign to control what operating systems you can run on your computer

Daniel Kalchev daniel at digsys.bg
Thu Jun 7 10:20:10 EDT 2012


On 07.06.12 16:17, Kerry Brown wrote:
> I don’t know what the fuss is. There is a lot of FUD about this.

There is FUD, but also there are some fundamental problems that are NOT 
addressed by this "secure boot" initiative.

The most trivial example is with open source operating systems, such as 
FreeBSD. The typical way you build and install FreeBSD is from source. 
This includes compiling the boot loaders from source too. Now, how do 
you sign those boot loaders? You aren't supposed to have the FreeBSD's 
private keys on every system that builds the boot loaders. If you do, 
malware writers could use those keys to build malicious boot code, that 
will be happily executed by this "secure" UEFI.
This is not unique to FreeBSD of course and means that any open source 
OS will be unable to use this "feature". No matter what the advertizing 
says.

Things with Windows are already bad, since when Microsoft implemented 
code signing. By virtue of being signed "by Microsoft", Windows will let 
any software run, without noticing the user and will full privileges. 
This is the worst "security" anyone can even invent...

What is more, this "security" is being exploited today by serious, as 
they say "government backed" malware such as the recent "Flame" case.

Daniel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.igcaucus.org/pipermail/governance/attachments/20120607/664a6f9f/attachment.htm>
-------------- next part --------------
____________________________________________________________
You received this message as a subscriber on the list:
     governance at lists.igcaucus.org
To be removed from the list, visit:
     http://www.igcaucus.org/unsubscribing

For all other list information and functions, see:
     http://lists.igcaucus.org/info/governance
To edit your profile and to find the IGC's charter, see:
     http://www.igcaucus.org/

Translate this email: http://translate.google.com/translate_t


More information about the Governance mailing list