Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> As per the article, to actually prevent ring -3 malware. The implemented signature is the best way to do this. If we could run our own "libre" code there, so could the attacker.

That's completely false; allowing the execution of libre software doesn't worsen security, and the security-by-obscurity model doesn't improve it.



Codesigning is "security-by-obscurity" now?


No, not that, the rest of it. I meant the fact that it's a binary blob which hasn't (recently) been subject to review by users.


The rest of it is covered by my second argument. They don't want you to see it due to highly proprietary stuff running there.

And if you agree about code signing, do you really believe that letting everyone see it, but then not allow anyone else to change it, is a good idea?


It's better than not letting anyone see it, and also not allowing it to be changed.

At least in the case where the code can be inspected, it can be checked for vulnerabilities, backdoors, etc.

That is better than nothing, especially if the vendor can be asked for a fix.


> allowing the execution of libre software doesn't worsen security

It does if I get temporary physical access to your machine and flash something that can spy on you, or if the method of flashing it can be done via your OS and I hack that. Those are two HUGE flaws.


If I have physical access, I can install malware in the firmware of your WiFi card, or I can replace the whole CPU with a malicious one.

Once physical access is gained, everything is over.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: