News includes a critical Unauthenticated Remote Code Execution vulnerability in Erlang/OTP SSH, José Valim teasing a new project, Oban Pro v1.6's impressive new "Cascade Mode" feature, Semaphore CI/CD platform being open-sourced as a primarily Elixir application, new sandboxing options for Elixir code with Dune and Mini Elixir, BeaconCMS development slowing due to DockYard cuts, and a look at the upcoming W3C Device Bound Session Credentials standard that will impact all web applications, and more! Show Notes online - http://podcast.thinkingelixir.com/251 Elixir Community News https://paraxial.io/ – Paraxial.io is sponsoring today's show! Sign up for a free trial of Paraxial.io today and mention Thinking Elixir when you schedule a demo for a limited time offer. https://x.com/ErlangDiscu/status/1914259474937753747 – Unauthenticated Remote Code Execution vulnerability discovered in Erlang/OTP SSH. https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2 – Official security advisory for the Erlang/OTP SSH vulnerability. https://paraxial.io/blog/erlang-ssh – Paraxial.io's detailed blog post addressing how the SSH vulnerability impacts typical Elixir systems. https://elixirforum.com/t/updated-nerves-systems-available-with-cve-2025-32433-ssh-fix/70539 – Updated Nerves systems available with SSH vulnerability fix.
https://bsky.app/profile/oban.pro/post/3lndzg72r2k2g – Announcement of Oban Pro v1.6's new "Cascade Mode" feature. https://oban.pro/articles/weaving-stories-with-cascading-workflows – Blog post demonstrating Oban Pro's new Cascading Workflows feature used to create children's stories with AI. https://bsky.app/profile/josevalim.bsky.social/post/3lmw5fvnyvc2k – José Valim teasing a new logo with "Soon" message. https://tidewave.ai/ – New site mentioned in José Valim's teasers, not loading to anything yet. https://github.com/tidewave-ai – New GitHub organization related to José Valim's upcoming announcement. https://github.com/tidewave-ai/mcp_proxy_elixir – The only public project in the tidewave-ai organization - an Elixir MCP server for STDIO. https://x.com/chris_mccord/status/1913073561561858229 – Chris McCord teasing AI development with Phoenix applications. https://ashweekly.substack.com/p/ash-weekly-issue-13 – Zach Daniel teasing upcoming Ash news to be announced at ElixirConf EU.
https://elixirforum.com/t/dune-sandbox-for-elixir/42480 – Dune - a sandbox for Elixir created by a Phoenix maintainer. https://github.com/functional-rewire/dune – GitHub repository for Dune, an Elixir code sandbox. https://blog.sequinstream.com/why-we-built-mini-elixir/ – Blog post explaining Mini Elixir, another Elixir code sandbox solution. https://github.com/sequinstream/sequin/tree/main/lib/sequin/transforms/minielixir – GitHub repository that contains Mini Elixir, an Elixir AST interpreter. https://www.reddit.com/r/elixir/comments/1k27ekg/we_built_a_custom_elixir_ast_interpreter_for/ – Reddit discussion about Mini Elixir AST interpreter. https://github.com/semaphoreio/semaphore – Semaphore CI/CD platform open-sourced under Apache 2.0 license - primarily an Elixir application. https://semaphore.io/ – Official website for Semaphore CI/CD platform. https://docs.semaphoreci.com/CE/getting-started/install – Installation guide for Semaphore Community Edition.
https://bsky.app/profile/markoanastasov.bsky.social/post/3lj5o5h5z7k2t – Announcement from Marko Anastasov, co-founder of Semaphore CI, about open-sourcing their platform. https://github.com/elixir-dbvisor/sql – GitHub repository for SQL parser and sigil with impressive benchmarks. https://groups.google.com/g/elixir-ecto/c/8MOkRFAdLZc?pli=1 – Discussion about SQL parser being 400-650x faster than Ecto for generating SQL. https://bsky.app/profile/bcardarella.bsky.social/post/3lndymobsak2p – Announcement about BeaconCMS reducing development due to DockYard cuts. https://bsky.app/profile/did:plc:vnywtpvzgdgetnwea3fs3y6w – Related profile for BeaconCMS announcement. https://beaconcms.org/ – BeaconCMS official website. https://github.com/BeaconCMS/beacon – GitHub repository for BeaconCMS. Do you have some Elixir news to share? Tell us at @ThinkingElixir (https://twitter.com/ThinkingElixir) or email at show@thinkingelixir.com Discussion Resources Discussion about Device Bound Session Credentials, a W3C initiative being built into major browsers that will require minor changes to Phoenix for implementation.
https://w3c.github.io/webappsec-dbsc/ – W3C - Device Bound Session Credentials proposal. https://github.com/w3c/webappsec-dbsc/ – Device Bound Session Credentials explainer. https://developer.chrome.com/docs/web-platform/device-bound-session-credentials – Device Bound Session Credentials (DBSC) on the Google Chrome developer blog. https://en.wikipedia.org/wiki/Trusted_Platform_Module – Wikipedia article on Trusted Platform Module, relevant to Device Bound Session Credentials discussion. https://www.grc.com/sn/sn-1021-notes.pdf – Other podcast show notes discussing Device Bound Session Credentials (DBSC). https://twit.tv/shows/security-now/episodes/1021?autostart=false – Security Now podcast episode covering Device Bound Session Credentials (time coded link to discussion).
Find us online - Message the show - Bluesky (https://bsky.app/profile/thinkingelixir.com) - Message the show - X (https://x.com/ThinkingElixir) - Message the show on Fediverse - @ThinkingElixir@genserver.social (https://genserver.social/ThinkingElixir) - Email the show - show@thinkingelixir.com (mailto:show@thinkingelixir.com) - Mark Ericksen on X - @brainlid (https://x.com/brainlid) - Mark Ericksen on Bluesky - @brainlid.bsky.social (https://bsky.app/profile/brainlid.bsky.social) - Mark Ericksen on Fediverse - @brainlid@genserver.social (https://genserver.social/brainlid) - David Bernheisel on Bluesky - @david.bernheisel.com (https://bsky.app/profile/david.bernheisel.com) - David Bernheisel on Fediverse - @dbern@genserver.social (https://genserver.social/dbern)
Video Episode: https://youtu.be/Lw7MiiRsuk0 In today's episode, we discuss critical vulnerabilities in Progress Software's WhatsUp Gold requiring urgent patches, alongside freshly reported exploits in Linux's Common Unix Printing System. We also explore Meta's hefty €91 million fine for improperly storing plaintext passwords, and Microsoft's revisions to the Copilot+ Recall feature after security concerns. Stay informed on these significant developments in software security and data privacy! Links to articles discussed: 1. https://thehackernews.com/2024/09/progress-software-releases-patches-for.html 2. https://www.cybersecuritydive.com/news/linux-cves-open-source/728310/ 3. https://thehackernews.com/2024/09/meta-fined-91-million-for-storing.html 4. https://www.helpnetsecurity.com/2024/09/30/copilot-recall-security/ Timestamps: 00:00 - Introduction 00:55 - CUPS and WhatsUp updates 03:38 - Windows Recall 1. What are today's top cybersecurity news stories? 2. What vulnerabilities were patched in WhatsUp Gold? 3. How serious are the Linux CVEs discovered recently? 4. What penalties did Meta face for storing passwords in plaintext? 5. What changes has Microsoft made to the Copilot+ Recall feature? 6. Which critical CVEs affect print jobs on Linux systems? 7. How can WhatsUp Gold customers mitigate security threats? 8. What are the implications of Meta's latest GDPR fine? 9. What security measures did Microsoft implement in Copilot+ Recall? 10. How have researchers responded to Linux security vulnerabilities? Progress Software, WhatsUp Gold, vulnerabilities, patches, Linux, vulnerabilities, Red Hat, Canonical, Meta, €91 million, plaintext, security lapse, Copilot+ Recall, encryption, Trusted Platform Module, privacy
In this episode of CISO Tradecraft, host G Mark Hardy discusses various mishaps that can occur with Multi-Factor Authentication (MFA) and how these can be exploited by attackers. The talk covers several scenarios such as the misuse of test servers, bypassing of MFA via malicious apps and phishing scams, violation of the Illinois Biometric Information Protection Act by using biometric data without proper consent, and potential future legal restrictions on biometric data usage. G Mark also highlights the significance of correct implementation of MFA to ensure optimum organizational security and how companies can fail to achieve this due to overlooking non-technical issues like legal consent for biometric data collection. Transcripts: https://docs.google.com/document/d/1FPCFlFRV1S_5eaFmjp5ByU-FCAzg_1kO References: Evil Proxy Attack- https://www.resecurity.com/blog/article/evilproxy-phishing-as-a-service-with-mfa-bypass-emerged-in-dark-web Microsoft Attack - https://www-bleepingcomputer-com.cdn.ampproject.org/c/s/www.bleepingcomputer.com/news/security/microsoft-reveals-how-hackers-breached-its-exchange-online-accounts/amp/ Illinois Biometric Law - https://www.ilga.gov/legislation/publicacts/fulltext.asp?Name=095-0994 Chapters 00:00 Introduction 00:43 Understanding Multi Factor Authentication 01:05 Exploring Different Levels of Authentication 03:30 The Risks of Multi Factor Authentication 03:51 The Importance of Password Management 04:27 Exploring the Use of Trusted Platform Module for Authentication 06:17 Understanding the Difference Between TPM and HSM 09:00 The Challenges of Implementing MFA in Enterprises 11:25 Exploring Real-World MFA Mishaps 15:30 The Risks of Overprivileged Test Systems 17:16 The Importance of Monitoring Non-Production Environments 19:02 Understanding Consent Phishing Scams 30:37 The Legal Implications of Biometric Data Collection 32:24 Conclusion and Final Thoughts
In this episode of the podcast, I speak with Window Snyder, the founder and CEO of Thistle Technologies about the (many) security challenges facing Internet of Things (IoT) devices and her idea for making things better: Thistle's platform for secure development and deployment of IoT devices. The post Episode 250: Window Snyder of Thistle on Making IoT Security Easy appeared first on The Security Ledger with Paul F. Roberts.
A fresh take on open-source funding, Fedora's plan for better encryption out of the box, and our impressions of the latest Ubuntu Beta.
What's up, everyone?! In this episode, Ryan and Shannon discuss two recently disclosed TPM 2.0 vulnerabilities and their potential impact. Please LISTEN
Passwords have been around since the 1960s and as a means to keep someone out of a non-connected terminal, they were relatively secure. The scale of a compromised system was relatively low. But the world has changed drastically in that time. Every computer is connected to a massive network of other computers. The impact scale of a compromised password is multiple times more problematic than it was even 30 years ago, yet we continue to rely on passwords as a security means to protect account information. Security means like longer passwords, more complicated schemes, no dictionary words, and even two-factor authentication have had limited success with stopping hacks. Additionally, each of these requirements adds friction to a user accomplishing their task, whether that's to buy a product, communicate with friends, or log in to critical systems. WebAuthn is a standard protocol for supporting passwordless authentication based on a combination of a user identifier and biometrics. Consumers can simply log in via their email, using their thumb print on their phone or relying on facial recognition on their device. Passwordless authentication not only reduces friction for users, but it removes a massive security vulnerability, the password. Nick Hodges, Developer Advocate at Passage, joins the show to share his knowledge and expertise about the security issues with traditional passwords, how passwordless works and addresses historical security issues, and how Passage.id can be used to quickly create a passwordless authentication system for your product. Topics: What's the problem with passwords? Why have passwords stuck around so long? What's it mean to go passwordless? What is a passkey and how do they work? How does the privacy and security of a passkey compare to a standard password? A Passkey is stored within the Trusted Platform Module of a phone. What happens if someone steals my phone? What happens if I upgrade my device? Do my passkeys come with me?
What are the potential security risks or limitations of passkey based login? What if I don't have my phone? Can I still log in? Can you share an account with someone else? How does that work? When a business switches over to using a passkey approach, what's the reaction from their customers? Is there a big educational challenge to convince companies to ditch passwords? Why is a passkey approach to login not more widely adopted? What's stopping mainstream use? What is Passage and how is it helping businesses go passwordless? Who's your typical customer? Startups just building their auth system or are people replacing existing systems for this approach? What's it take to get started? How hard would it be for me to rip out my existing authentication and adopt Passage? What are your thoughts on the future of passwords and password security? How far away are we from completely getting rid of passwords? What's next for Passage? Anything on the future roadmap that you can share?
TPM (Trusted Platform Module) is a computer chip (microcontroller) that can securely store artifacts used to authenticate the platform (your PC or laptop).
A browser configuration control that prevents accessing resources within a private network. CyberWire Glossary link: https://thecyberwire.com/glossary/trusted-platform-module Audio reference link: “TPM (Trusted Platform Module) - Computerphile,” Computerphile, 23 July 2021
A belated happy easter to all our listeners. We hope you had a lovely easter break. We begin on the topic of travel: Jan is off to Madrid later this month for work purposes so we ask ourselves the question, should travel for work or leisure be a thing of the past? What is your view? Also, share your thoughts on the current state of easter egg chocolate - do you think the quality has diminished in the last few years? Jan is just back from his easter egg hunt, and Sjef (his guide dog) has been a bit of a naughty doggy - chasing rabbits instead of easter eggs. This week Stuart is preparing to lose all that easter bunny chocolate weight by weighing himself with his brand spanking new ‘Qardio weighing scales' …he broke the last one! We hear about the handy app you can use with this device. He also tells us about the smart blood pressure device he is going to purchase. Who knew Stuart was this health conscious? Certainly not Jan or Óran… Do you intermittent fast? Óran and Clodagh have started down this road and would love to hear from anyone doing the same. Clodagh is here with emails but first she tells the Blind Guys about her new Samsung smart washing machine called Wallace the Washing Machine. It's fierce fancy: Samsung Series 5+ WW90T534DAN/S1 with Auto Dose & Ecobubble Washing Machine 9kg 1400rpm – it has braille and everything! Unfortunately, the app for this device doesn't work on Óran's phone, or at least that is what he told Clodagh… (chancer!) We have an email from Saleem who writes in with info on the Trusted Platform Module. Here is a link he sent with more details: https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/trusted-platform-module-overview Blind Gordon tells us about the accessible online census in Scotland, spoiler alert, Missus Blind Gordon has already filled it out, so we don't know if it was accessible or not. And we wish Gary from South Africa all the best as he heads off to do his TV music competition. 
So Blind Guys Chatters - strap in and get ready for the most insightful, informative, and immensely entertaining podcast that has ever existed in the world, ever: Blind Guys Chat: the reason why chocolate tastes so good. Don't forget: • Please rate and review us on your chosen podcasting platform. • We'd love to know what you'd like us to talk about in upcoming shows; send us your suggestions by email: blindguyschat@gmail.com • You can send us your Blindie Tips and other thoughts by email also on blindguyschat@gmail.com • If you'd like to support the podcast, you can treat the Blind Guys to a coffee by clicking the link below. Support Blind Guys Chat by contributing to their Tip Jar: https://tips.pinecast.com/jar/blind-guys-chat Check out our podcast host, Pinecast. Start your own podcast for free with no credit card required. If you decide to upgrade, use coupon code r-6f08ef for 40% off for 4 months, and support Blind Guys Chat.
Tom clears the air about the Pluton Security Processor, Microsoft's successor to the Trusted Platform Module. Featuring Tom Merritt.
Welcome back to the Compliance In Context Podcast! On today’s show, we welcome the return of former NSCP Board Chair and all-around compliance expert, Craig Watanabe, to analyze some recent comments from SEC Chair Gensler around cybersecurity, and reveal some practical tips firms can use to enhance the cybersecurity measures inside their own firms. In our Headlines section, we look at the new NSCP Firm and CCO Liability Framework and its broader application to the industry. And finally, we wrap up today’s show with another installment of What’s On My Mind where we examine what an 80s classic song from Mike and the Mechanics and the life of John Madden can teach us about being the best compliance officer and CCO for your respective firms. Headlines NSCP Firm and CCO Liability Framework Interview Reaction to SEC Chair Gensler’s Speech at Northwestern Pritzker School of Law’s Annual Securities Regulation Institute Reviewing “Twelve Tips for Teleworking Cybersecurity” in May 2020 edition of Currents What is the Windows 11 upgrade? Usability vs. Security What is the Trusted Platform Module? What are the best tips for cybersecurity and user awareness training? What is cyber hygiene? What are some other best practices you’ve seen in cybersecurity lately? How best to leverage cyber insurance and related expertise? What’s On My Mind? “Living Years” by Mike + The Mechanics The Life of John Madden Fastidious preparation as compliance coach Living with a sense of appreciation Quotes: “Cybersecurity is almost always at the top or near the top of the list in terms of risks and I think that’s going to be the case for some time for this foreseeable future so it’s going to be a big risk for everyone, a big risk for the industry.” – Craig Watanabe 10:12 - “I think Regulation SP is somewhat of a misnomer because the S stands for safeguarding and the P stands for privacy. But if you ask most people, ‘Reg SP?’ ‘Oh, yeah! 
Privacy.’ We kinda forget Section 30, which is the safeguarding part of the rule. And that’s where all cybersecurity regulation basically resides.” – Craig Watanabe “In the Fortress Model, the idea is you create this fortress. Everything on the inside of the fortress, all the interior is safe and you try to keep all the unknowns (all the bad stuff) out. That model works really well when you have a centralized work environment and you have a centralized IP. It’s a perfectly reasonable, very usable, and a very functional model. That model, however, doesn’t work as well in a remote or hybrid work environment.” – Craig Watanabe “I think there has been a paradigm shift at Microsoft and other big vendors, with an emphasis on security. That’s clear to me. I don’t think Microsoft would have done these things prior.” – Craig Watanabe Resources: Compliance in Context Contact Form Compliance in Context, LinkedIn Twitter: @compliancepod
We once again have Sean in the Hardware Asylum Labs and in this episode, we dive into Windows 11 and discuss the TPM 2.0 requirement to install the new operating system. What is it? Why would Microsoft require it? And what does it mean for the Hardware Enthusiast?
This past August 12, one of our listeners, Edwin Pagán, asked me to do a show about Windows 11 and the new TPM 2.0. For those of you who don't know what TPM is, it refers to a security chip that resides on the motherboard of every machine. The acronym TPM stands for "Trusted Platform Module", which, said that quickly, tells us very little. As many of you know, I have never been a Windows user. I started in the world of computers in 1984 and my first machine was a Macintosh Plus with 4MB of RAM and a 9" diagonal black-and-white screen. Yes, you heard correctly, 9 inches. In fact, the iPad I have now has a bigger screen. For me, the only use a Windows machine ever had was to verify that the work I delivered to my clients in the pharmaceutical world looked and behaved correctly. For that, I have software called "Parallels" on one of my machines, with Windows applications. To do a show about Windows 11 and TPM 2.0 I could have done the research and talked about the subject, but my regular listeners would have wondered: "Hey, what is Orlando doing talking about Windows?" Why? Because everyone knows that Macs are my thing. That's why I preferred to find someone who really knew the subject. And who better than the information systems manager of our sponsor, AeroNet Wireless Broadband? That's why today's show consists of a short interview with Reynaldo Colón, who, in fact, had already been on the show before to talk to us about the Colonial Pipeline attack. Windows 11 is currently in beta and is expected to be available by October 20. For about 45 minutes, more or less, I flooded Reynaldo with questions and learned a lot of new things. Of course, the arrival of a new operating system is no longer what it used to be.
It doesn't bring long lines or people camping in front of stores (perhaps because most of them barely exist anymore), nor does it revolutionize our world the way it used to. In fact, many of the changes are even invisible to us. But under the hood (as they would say in car jargon) things happen that you should know about. Links: Windows 11 Compatibility: “Microsofts PC Health Check App is Back”; Download the PC Health Check app for Windows 11. OTHER EPISODES THAT MAY INTEREST YOU: Tips For Making A Good Podcast; Attention Is The Product; Self-Employment, How To Create Your Own Reality; Digital Carelessness Is Costly; SEO Writing, At The Center Of Everything On The Internet. ©2021, Orlando Mergal, MA _________________ The author is a Corporate Communication Expert (Lic. R-500), Author of more than half a dozen Self-Help Publications and Digital Content Producer. Inf. 787-306-1590 • 787-750-0000 Material Relationship Disclosure: Some of the links in this post are "affiliate links". That means that if you click the link and buy something, I will receive an affiliate commission. However, you will pay exactly the same as you would by visiting the merchant directly and independently. In addition, I only recommend products or services that I use personally and that I believe will add value to my listeners. By patronizing the products or services we mention on Hablando De Tecnología you help the show continue. I make this disclosure in compliance with "16 CFR, Part 255" of the United States Federal Trade Commission, "Guides Concerning the Use of Endorsements and Testimonials in Advertising". #windows11 #tpm2.0 #offline #aeronetwirelessbroadband #reynaldocolon #hablandodetecnologia #podcast #orlandomergal #puertorico
Paul is back! Richard chats with Paul about the recently released preview of Windows 11. Paul talks about being a bit surprised by the timing of Windows 11, and how it looks an awful lot like an update to Windows 10, with a UX refresh. The conversation digs into the current controversy around the Trusted Platform Module requirement in the hardware for Windows 11, while also discussing what should be controversial - requiring a Microsoft account to log into Windows 11. The controversy is helping to shape the product, you should be a part of the discussion! Links: Windows 11 Preview 1 Recorded July 19, 2021
Microsoft requires a Trusted Platform Module for Windows 11. What exactly does it do?
What is the Trusted Platform Module chip used for? TPM is used for many things such as disk encryption and prevention of hardware changes. Let's continue our discussion! Follow me on Twitter at @dexter_johnson and visit http://DexJohnsPC.com to stay on top of my latest blog posts about the world of technology. Follow my tech news Twitter list: https://twitter.com/i/lists/1407003582264655878 Share this podcast with a friend! Links from this episode: https://www.pcworld.com/article/3622952/what-is-a-tpm-where-do-i-find-it-and-turn-it-on.html https://en.m.wikipedia.org/wiki/Trusted_Platform_Module Intro music details: RETRO Xcape by Lahar https://soundcloud.com/musicbylahar Creative Commons — Attribution 3.0 Unported — CC BY 3.0 Free Download / Stream: https://bit.ly/retro-xcape Music promoted by Audio Library https://youtu.be/eHHMlcSVBgE Outro music details: Reloaded by Savfk - Music https://soundcloud.com/savfk Creative Commons — Attribution 3.0 Unported — CC BY 3.0 Free Download / Stream: https://bit.ly/_reloaded Music promoted by Audio Library https://youtu.be/IlUSKojxLxU
You knew we couldn't resist doing a Windows 11 episode, and indeed we're here to talk about the whole shebang: virtualized security and the controversy around CPU support, the good (better window-snapping!), the bad (bottom-only taskbar!), and the ugly (rounded corners!?) of the new UI, the ol' Trusted Platform Module, Microsoft Store revenue changes, Android apps, and the coming war between Microsoft and Google. NOTES Here's TechRepublic's informative piece on Windows 11 CPU compatibility that we referenced a bunch in this episode: https://www.techrepublic.com/article/windows-11-understanding-the-system-requirements-and-the-security-benefits/ Support the Pod! Contribute to the Tech Pod Patreon and get access to our booming Discord, your name in the credits, and other great benefits! You can support the show at: https://patreon.com/techpod
If the show notes look odd (for example if all the links are missing; there should be LOTS of links), they are also available on the web here: https://www.enlitenpoddomit.se Episode 323 was recorded on June 29, and since elephants can't jump ( https://www.tweentribune.com/article/tween56/it-true-elephants-cant-jump/ ), today's episode is about: INTRO: - Everyone has had a week - Mats talks about how to irritate people, Johan is on vacation and spending it at the beach FEEDBACK AND BACKLOG: - John McAfee has died in a Spanish prison https://appleinsider.com/articles/21/06/24/john-mcafee-dies-in-spanish-prison-following-extradition-order-to-us MICROSOFT - 2 trillion dollars - BONUS LINK: What is a trillion? https://www.redeye.se/arena/posts/biljoner-och-triljoner - Windows 11 - Panos is Panos - New store with all apps regardless of format - Android apps from the Amazon Store - Teams replaces Meet Now - Snap Assist - Tips from Microsoft for planning a Windows 11 rollout https://docs.microsoft.com/en-us/windows/whats-new/windows-11-plan - If you run Microsoft Endpoint Configuration Manager (what was called SCCM ages ago), Love Arvidsson has posted a really good query for pulling out the compatibility requirements https://www.linkedin.com/posts/love-arvidsson-a55926b6_mecm-cm-win11-activity-6815549480981581824-JQIt - Direct Storage https://www.engadget.com/directstorage-windows-11-exclusive-164803425.html - How TPM works https://en.m.wikipedia.org/wiki/Trusted_Platform_Module - Dynamic Refresh Rate https://www.thurrott.com/windows/windows-11/252560/microsoft-is-bringing-dynamic-refresh-rate-support-to-windows-11 - Xbox Cloud Gaming released https://www.engadget.com/xbox-could-gaming-ios-web-215045999.html - Updated look in Office https://www.thurrott.com/windows/windows-11/252543/microsoft-releases-visual-refresh-of-office-for-windows - Microsoft Teams gets 1080p https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=&searchterms=66350 - Azure Image Builder is now GA
https://azure.microsoft.com/en-us/blog/streamline-your-custom-image-building-process-with-azure-vm-image-builder-service/ https://docs.microsoft.com/en-us/azure/virtual-machines/image-builder-overview APPLE - Apple Xcode Cloud https://appleinsider.com/articles/21/06/28/apple-begins-roll-out-of-xcode-cloud-beta-testing - Apple pays for Google storage https://appleinsider.com/articles/21/06/29/apple-is-now-googles-largest-corporate-customer-for-cloud-storage - Apple vs Pacemakers https://www.macrumors.com/2021/06/26/apple-lists-products-to-keep-away-from-pacemakers - What you can do with GrayKey has leaked https://appleinsider.com/articles/21/06/22/iphone-hacking-tool-graykey-techniques-outlined-in-leaked-instructions - Apple M1 is now supported in Linux kernel 5.13 https://appleinsider.com/articles/21/06/28/apples-m1-now-supported-by-linux-kernel-in-version-513 - Wi-Fi can break https://howtoremove.guide/p-s-s-s-s-n-wireless-network/ GOOGLE: - 3rd party Cookies https://swedroid.se/google-kommer-inte-blockera-tredjepartskakor-i-chrome-forran-2023/ - Lower commission on Wear and Auto https://appleinsider.com/articles/21/06/27/lower-15-google-play-fee-offered-for-wear-os-android-auto-integrations - Samsung's WearOS 3.0 event https://techcrunch.com/2021/06/28/samsung-and-google-detail-wearable-platform-ahead-of-next-galaxy-watch-launch/ - To avoid supply chain attacks?
https://www.thurrott.com/dev/252557/google-to-require-play-store-developers-to-use-2-step-verification OTHER NEWS: - New material can make aircraft engines as quiet as a hair dryer https://www.warpnews.se/transporter/nytt-material-kan-gora-flygplansmotorer-lika-tysta-som-en-hartork/ GADGET LIST Mats: some fiber, https://www.ip-only.se/privat/fiber/villa/ Björn: a weather station, https://www.amazon.com/dp/B01N5TEHLI/ Johan: a watch, https://swedroid.se/pressbilder-pa-galaxy-watch-4-och-galaxy-buds-2/ and says that bone-conducting headphones are magically good https://www.ljudochbild.se/test/horlurar/tradlosa-traningsproppar/aftershokz-trekz-titanium/?hw=1 OUR OWN LINKS - En Liten Podd Om IT on the web, http://enlitenpoddomit.se/ - En Liten Podd Om IT on Facebook, https://www.facebook.com/EnLitenPoddOmIt/ - En Liten Podd Om IT on Youtube, https://www.youtube.com/channel/UCf0vgNRHAzckDMyh8inuYmQ - Feel free to give us a review - https://podcasts.apple.com/se/podcast/en-liten-podd-om-it/id946204577?mt=2#see-all/reviews - https://www.podchaser.com/podcasts/en-liten-podd-om-it-158069 LINKS TO WHERE YOU CAN FIND THE PODCAST TO LISTEN: - Apple Podcasts (iTunes), https://itunes.apple.com/se/podcast/en-liten-podd-om-it/id946204577 - Overcast, https://overcast.fm/itunes946204577/en-liten-podd-om-it - Acast, https://www.acast.com/enlitenpoddomit - Spotify, https://open.spotify.com/show/2e8wX1O4FbD6M2ocJdXBW7?si=HFFErR8YRlKrELsUD--Ujg%20 - Stitcher, https://www.stitcher.com/podcast/the-nerd-herd/en-liten-podd-om-it LINK TO DISCORD WHERE YOU'LL FIND THE LIVE STREAM + CHAT - http://discord.enlitenpoddomit.se (And don't forget to email bjorn@enlitenpoddomit.se if you want stickers, just include a postal address. :)
Hello everyone, my name is Vijay Kumar Devireddy and I am glad to have you back on my episode 19. Today we are discussing disk encryption. Encryption is a process that scrambles data into unreadable information. It does this to ensure that nobody can read it, except the person who holds the secret key. This ensures confidentiality. If you have the key you can unlock that randomized data and translate it back into something readable. Think about it like a magic machine. The information goes in one side, and out the other side comes a jumbled mess. Without that key you don't know how to read the jumbled mess. Another example of this is actually language. I'm speaking English right now. If I spoke English into my machine and out the other side came Spanish, and you didn't understand Spanish, it would be encrypted, and you wouldn't understand it. But if you knew the key, meaning you understood Spanish, you could understand everything that was being said. There are two different types of encryption, hardware-based and software-based. The first one we're going to talk about is hardware-based encryption. A great example of this is a self-encrypting drive. It looks like an external hard drive, and it has embedded hardware that performs full disk, or whole disk encryption. These are very fast; unfortunately, they're also very expensive, so they're not commonly used. Instead, most people use software-based encryption in the marketplace and in our organizations.
Luckily for us, there are two forms of whole disk encryption already embedded into our operating systems if we're using Mac or Windows. In a Mac we have a system called FileVault where we can turn on whole disk encryption with a single click. This is located under your system preferences and under the security tab. On Windows we use a system called BitLocker. BitLocker, again, is very easy to turn on. If I want to encrypt my D drive I simply right-click it, turn on BitLocker, and then I'll be able to encrypt the entire drive with a single click. As I said previously, encryption requires a key. And when you're using BitLocker specifically you're actually going to be using a hardware key that resides on your motherboard. It's called the Trusted Platform Module, or TPM. This TPM chip resides on the motherboard, and it contains the encryption key inside of it. This is what BitLocker is going to use to encrypt your drive. So if you're going to take that hard drive out and put it into another system you have to decrypt that drive first, otherwise you're not going to be able to decrypt it on the other system because it has a different TPM module and different secret key. If your motherboard doesn't have TPM you still can use BitLocker, but instead you have to use an external USB drive as a key. It'll store the key on that USB drive. But if you use that USB drive you're never going to be able to unlock that hard drive again. Because every time you boot up that computer you have to make sure you have that USB key inserted so it can unlock the drive. Both BitLocker and FileVault use the same type of encryption.
They use Advanced Encryption Standard, also known as AES. AES is a symmetric key encryption that supports 128-bit and 256-bit keys, and is considered unbreakable as of the time of this recording. Encryption sounds like a wonderful thing, and it is. It secures our data and keeps prying eyes out. But it does have some drawbacks. Encryption adds additional security for us, but it comes with a lower performance for your system. If I'm doing whole disk encryption that means before I can even boot up the computer and read things from that drive I have to decrypt it, and that takes time and processing. So you have to remember there is a sacrifice in speed and performance when you're using full disk encryption. Because of this performance hit some people decide not to use full disk encryption.
Deepfakes: the famous technique for synthesizing human images based on artificial intelligence... It is becoming a huge social phenomenon! Could it be time to start paying attention to where this is heading? For the podcast: https://bit.ly/2RnLlil Sources: https://en.wikipedia.org/wiki/Trusted_Platform_Module https://www.schneier.com/blog/archives/2020/10/detecting-deep-fakes-with-a-heartbeat.html https://www.nbcnews.com/news/us-news/pennsylvania-cheer-squad-mom-allegedly-cyberbullied-minors-deepfakes-officials-say-n1261055 TELEGRAM https://t.me/br1brownOfficial INSTAGRAM https://www.instagram.com/br1.brown/
This time around we look again at the FutureTPM project. This consortium is committed to future-proofing today's crypto algorithms by developing the quantum-resistant Trusted Platform Module. In other words, FutureTPM is paving the way for computer security in a post quantum computer world. We are joined by Technical Lead, Thanassis Giannetsos from the Technical University of Denmark. This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement number 779391. See omnystudio.com/listener for privacy information.
In this episode we explore the FutureTPM project again. This consortium is committed to future-proofing today's crypto algorithms by developing the quantum-resistant Trusted Platform Module. In other words, they are developing hardware and software security standards systems to withstand the brute force of the quantum computer... which is coming. We welcome the project technical lead, Liqun Chen from the University of Surrey. See omnystudio.com/listener for privacy information.
IT Manager Podcast (DE, German) - IT terms explained simply and clearly
The abbreviation TPM stands for Trusted Platform Module. It is a microchip that extends computers or similar devices with basic security functions in order to ensure platform integrity. Once installed on a system, it serves to securely store keys, passwords and digital certificates in order to enable platform validation, establish a central basis of trust and create the prerequisites for managing user credentials. In addition, the TPM can be used to verify that no changes have been made to the hardware and that the BIOS has not been tampered with. TPM chips are always developed according to the TCG specification. The TCG specification is based on an open, vendor-neutral industry standard that is developed, defined and promoted for Trusted Computing by the Trusted Computing Group, a non-profit organization of companies. According to the TCG specification, the TPM is a passive module. This means that every action of a TPM component must be triggered from outside the TPM via an appropriate interface. At first glance it is comparable to a smart card. That is, it contains, among other things, logic units, memory areas and an input/output channel. The significant difference, however, is that a TPM chip is bound to a platform or system, whereas a smart card generally has a single owner. The security functions that TPM modules offer are comprehensive. They include: sealing, offloading, attestation, protection for cryptographic keys and a secure random number generator. With the encryption that is also referred to as sealing, data can be encrypted so that it is bound to the device. The cryptographic keys are stored directly in the TPM module. This implements the security function 'protection for cryptographic keys'.
In this way the keys are very extensively protected against a hardware or software attack. Through the offloading referred to as binding or wrapping, keys can be exported to external storage, which makes the number of keys with TPMs almost unlimited. By means of remote attestation, the technology assures a remote party of the capabilities and state of the system. Usually the Privacy CA (Trusted Third Party) method or Direct Anonymous Attestation is used for this. Through the secure random number generator security feature, the TPM guarantees, in accordance with the TCG specification, to provide a reliable random number generator, which is indispensable for secure encryption. In addition, the Trusted Platform Module contains various certificates and key pairs that on the one hand are intended to confirm the correctness of the manufacturing process and on the other hand uniquely identify the module and serve to encrypt or digitally sign data. Endorsement certificate: This certificate confirms the authenticity of the TPM. Strictly speaking, it ensures that the TPM was provided by an authorized manufacturer. The TPM is uniquely represented in the certificate by a 2048-bit key pair, the so-called Endorsement Key. This key pair is either generated by the manufacturer when the TPM chip is produced or formed in the chip at a later time. In both cases the Endorsement Key never leaves the Trusted Platform Module. The Endorsement Key is used to generate so-called Attestation Identity Keys, AIK for short. The Attestation Identity Key protects the device against unauthorized firmware and modified software. For this purpose, a hash of critical sections of the firmware or software is created before it is executed.
When the system wants to connect to a network, these hash values are sent to a server, which compares them with stored, legitimate data. If parts have been modified since the last start, the check fails and the system in question is denied access to the network. Platform certificate: The platform certificate is issued by the manufacturer of the platform (for example a PC, laptop or mobile phone). It confirms that all platform components comply with the TCG specification and that the platform contains a valid Trusted Platform Module. It thus certifies that the current system is a trustworthy platform. Conformance certificate: This certificate confirms that the TPM design in the platform complies with the TCG specification and that the TPM is correctly implemented. Validation certificate: For components or groups of components such as graphics cards or input devices, this certificate ensures the conformity and correctness of the implementation with respect to the TCG specification. The certificates mentioned serve as proof of the trustworthiness of the computer system in its as-delivered or as-manufactured state. All corresponding keys are located in designated storage locations within the TPM. In addition to these certificates and keys, every Trusted Platform Module contains a unique Storage Root Key, SRK for short. The SRK is used to derive further keys, so that a key tree structure is created. The leaves of this tree are used to encrypt data. The SRK is generated as soon as the platform is taken into ownership by its owner. The Roots of Trust should be mentioned as further fundamental basic components of the Trusted Platform Module.
The Roots of Trust for Measuring Integrity Metrics (RTM) are responsible for measuring and recording certain security-relevant states and for logging those states in the Trusted Platform Module. The Roots of Trust ensure that the computer system is in a trustworthy successor state after an action that changes the system has been carried out. In a PC, the RTM is also called the CRTM. Before we come to the end of today's podcast, I would like to briefly summarize the most important points once more. With a Trusted Platform Module you can extend your devices, such as the mainboards of PCs, notebooks and mobile phones, with basic security functions. Together with an adapted operating system and suitable software, you use a Trusted Platform Module to create a Trusted Computing platform. This enables far-reaching and extensively configurable access and usage control, which is typically used in areas such as license protection and data protection. TPM chips provide you with various security functions to guarantee platform integrity. In short: a TPM can always be relied on when secure cryptographic operations need to be performed and/or a secure storage medium needs to be provided. Contact: Ingo Lücker, ingo.luecker@itleague.de
IT Manager Podcast (DE, German) - IT terms explained simply and clearly
Today everything revolves around the topic: "What actually is BitLocker?" BitLocker is a security feature from Microsoft that is integrated into certain versions of the Windows operating system and enables encryption of system drives, hard disks or removable media. As a result, the data remains protected in the event of theft or if a hard disk is physically removed from a computer. BitLocker drive encryption primarily ensures that users can read or write data only if they have the required password or the corresponding smart card credentials, or else use a data drive on a computer that is protected with BitLocker and has the corresponding keys. In addition, with BitLocker encryption users can configure their system so that it can only be started if the correct PIN is entered or a key file is provided on a removable medium. So how exactly does BitLocker encryption work? First of all, you need to know that BitLocker encryption is performed using the Advanced Encryption Standard, AES for short. The key length is 128 or 256 bits. In addition, BitLocker ideally requires that a Trusted Platform Module solution is integrated in the system whose drives are to be encrypted. This is a chip that provides basic security functions. Although such a TPM chip is optimal for activating BitLocker, it is not strictly required. Let us now return to the question: how exactly does BitLocker encryption work? To be able to encrypt a system drive, BitLocker always needs its own partition on the system hard disk.
This partition then contains all the data necessary to start the computer and load the encrypted data of the operating system partition. When encryption is activated, Windows creates this partition automatically if needed. Before each start of the operating system, this system partition then accesses the TPM chip to make sure that the hardware has been neither changed nor tampered with while offline. As soon as the integrity of the system has been confirmed by the TPM chip, BitLocker decrypts the system hard disk and the operating system can finally start. Depending on the computer's equipment, BitLocker can be operated in five different variants.
- Computer without a Trusted Platform Module - If no TPM chip is integrated in the computer, BitLocker stores the data on a USB stick. This must be connected to the computer so that BitLocker can boot.
- Computer with a Trusted Platform Module - Here BitLocker decrypts the data with the checksum stored in the TPM.
- Trusted Platform Module and PIN - In this variant, users must additionally enter a PIN each time the computer is restarted.
- TPM and startup key - Instead of the PIN, the computer uses a startup key that is obtained from a USB stick.
- Recovery key - This function is needed if the computer's hardware changes or users no longer know their PIN.
Which Windows versions support BitLocker encryption? BitLocker encryption is only supported by certain Windows versions.
These include:
- the Ultimate and Enterprise editions of Windows Vista
- the Ultimate and Enterprise editions of Windows 7
- the Pro and Enterprise editions of Windows 8 and Windows 8.1
- the Pro and Enterprise editions of Windows 10
- the Windows Server versions from Windows Server 2008 onward
In Windows 10 Home, support for the encryption is in principle present but not usable. Before we come to the end of today's podcast, I would like to briefly go into the advantages and disadvantages of BitLocker encryption. BitLocker encryption offers numerous advantages. These include:
- the security feature is fully integrated into the Windows operating system and easy to use.
- BitLocker encryption prevents hard disks from being removed from one computer and read on another computer. Thus, if a computer is stolen, the data is protected and cannot be read by unauthorized persons who lack knowledge of the key or the PIN or possession of the key file.
- confidential data is secured by the Advanced Encryption Standard 128/256
- login is possible only via the Trusted Platform Module or via a master key from the system
In addition to the advantages already mentioned, BitLocker encryption also has disadvantages, such as
- the delayed start time when booting
- the slightly increased load on the system and
- the access lockout if the login key is lost or forgotten
In summary, it can be said that BitLocker can ensure both effective safeguarding of data and data privacy. Even though there are some disadvantages, you should not let yourself be put off BitLocker encryption. Contact: Ingo Lücker, ingo.luecker@itleague.de
In the sixth episode we introduce you to the topic of security in modern processors and SoCs. In this episode we cover a range of security issues that are founded on hardware solutions built into the modern integrated circuits found, for example, in every smartphone. This seemingly simple everyday object has built-in technology that even specialized units of government security agencies are unable to break. We try to show how much credit for keeping both our correspondence and our communication, for example with a bank, secure and confidential goes to these small slivers of silicon, which are the silent companions of our everyday connections over the public Internet. Hosts: Radosław Biernacki, Michał Stanek, Jan Dąbroś, Konrad Dulęba Hashtag: ArmTrustZone, ATF, ArmTrustedFirmware, Android, Security, Trusty, TEE, OP-TEE, SecureBoot, VerifiedBoot, Firmware ### Episode plan # 0:08 - Introduction # 1:25 - Who we are # 5:40 - Why hardware solutions are the foundation of the security model # 9:17 - What cryptographic enclaves are # 10:48 - Reverse engineering of silicon # 14:45 - Arm Trust Zone # 22:22 - Trusted Platform Module # 24:47 - How and why to combine ATZ and TPM # 26:18 - Is an external element necessary to build an enclave # 30:29 - Android as a model example of a secure operating system # 30:50 - UID as the basis for the sandbox # 32:09 - TEE (Trusty) as the basis of a cryptographic enclave # 35:30 - Full Disk Encryption # 36:40 - File Based Encryption # 39:03 - Enclave-based cryptography API # 41:00 - Security vulnerabilities in TEE # 42:16 - Enclaves as the basis for DRM ;( # 44:05 - SGX from Intel # 48:47 - Verified Boot and Secure Boot # 54:45 - Why you shouldn't root your smartphone # 58:48 - Trusted Platform Module - details of operation # 1:00:15 - TPM + Bitlocker # 1:02:00 - Server attestation using TPM # 1:02:58 - Does TPM protect against physical attacks?
Or why you shouldn't encrypt with Bitlocker without a password ;) # 1:06:45 - What is a Yubikey and why aren't you using one yet? # 1:09:10 - PSD2 vs Yubikey vs smartphone # 1:10:11 - Protected Confirmation # 1:11:59 - Do you still use a PC for bank transfers? # 1:15:32 - Closing
### Links
Trustzone TEE https://www.trustkernel.com/uploads/pubs/TZResearch_GetMobile2018.pdf https://www.arm.com/files/pdf/20160701_A04_ATF_Taiwan_I-Wei_Lin.pdf
TEE, Secure & Measured Boot for Samsung Pay https://developer.samsung.com/tech-insights/pay/device-side-security
Basics of TBSA https://www.arm.com/files/pdf/20160628_A01_ATF_Korea_Udi_Maor.pdf
Apple TouchID https://hackernoon.com/demystifying-apples-touch-id-4883d5121b77
(Programista 2017, issue 63, article by Jan Dąbroś) - the so-called Arm TrustZone Bible :P https://drive.google.com/drive/u/0/folders/0BwLtsK2HpuELallaSFcxb2RtR3c
Extracting ECDSA Keys from Qualcomm’s TrustZone: https://www.nccgroup.trust/globalassets/our-research/us/whitepapers/2019/hardwarebackedhesit.pdf
Google IO Android Security https://www.youtube.com/watch?v=0uG_RKiDmQY https://www.youtube.com/watch?v=r54roADX2MI
Verified Boot https://www.chromium.org/chromium-os/chromiumos-design-docs/verified-boot (grep TPM) https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/42038.pdf https://source.android.com/security/verifiedboot/dm-verity https://www.youtube.com/watch?v=kdpZC9jFzZA
Trusty (TEE) https://source.android.com/security/trusty
TPM is SW https://pdfs.semanticscholar.org/42e5/216f57b17bb7dba13a2b73e36b4c057a6c96.pdf
Google Titan https://android-developers.googleblog.com/2018/10/building-titan-better-security-through.html https://developer.android.com/training/articles/keystore#HardwareSecurityModule
Apple's secure chip (like Titan) https://www.apple.com/mac/docs/Apple_T2_Security_Chip_Overview.pdf
Comparison of Titan and TPM: https://harry.uno/post/google-titan.html
Inside the Yubikey http://www.hexview.com/~scl/neo5/
iOS Security https://inst.eecs.berkeley.edu/~cs261/fa18/scribe/11_14_revised.pdf https://www.apple.com/business/docs/site/iOS_Security_Guide.pdf (grep Secure Enclave)
Blackhat Demystifying TPM https://www.blackhat.com/docs/us-16/materials/us-16-Mandt-Demystifying-The-Secure-Enclave-Processor.pdf https://www.bleepingcomputer.com/news/security/tpm-chipsets-generate-insecure-rsa-keys-multiple-vendors-affected/
Blackhat 2010 Semiconductor Security Awareness Today and yesterday https://www.youtube.com/watch?v=WXX00tRKOlw
SGX https://hackernoon.com/adventures-of-an-enclave-sgx-tees-9e7f8a975b0b https://news.ycombinator.com/item?id=17463687 https://lwn.net/Articles/786487/ https://software.intel.com/sites/default/files/managed/f1/b8/intel-sgx-support-for-third-party-attestation.pdf https://software.intel.com/en-us/blogs/2018/12/09/an-update-on-3rd-party-attestation https://medium.com/golem-project/graphene-v1-0-has-been-released-cca5443f0887
Private contact discovery for Signal https://signal.org/blog/private-contact-discovery/
Attacks on file based encryption in Android 7 https://delaat.net/rp/2016-2017/p45/report.pdf
Widevine DRM on OPTEE https://www.slideshare.net/linaroorg/las16406-android-widevine-on-optee
In this episode, we discuss TPM technology. What is it and where is it used?
Episode 100: thoughts and reflections; HPE can kiss our behind; OnePlus has screwed up again; Life in Bitlockerland; Atomic blonde; Firefox quantum - will it pick up speed again now?; A lesson learned when installing old macOS versions; Twitterrific hasn't fully won Fredrik over. Links: Thomann; Kodsnack live podcast; UFO-Sverige; Handcuffs, really?; Oneplus leaves a backdoor behind in all phones; Qualcomm; Fredrik liked the Oneplus 5 quite a lot; Xiaomi; Bitlocker; TPM; Atomic blonde - film of the week; The wedding singer; The podcast interview with Antony Johnston, who wrote the comic the film is based on; Firefox quantum; Steve Klabnik; Rust; Servo; Twitterrific; Tweetbot; John Roderick; Tweetmarker - reliable even if the browser warns about the certificate. Full episode information is available here: https://www.bjoremanmelin.se/podcast/avsnitt-101-en-sa-kallad-actionrulle.html.
It is the last day of Google Cloud Next 2017 and we got two amazing interviews for you: Titan chips, head of Marketing, and head of Solution Architects, and more in a single episode! One more day, Francesc and Mark are back with a daily episode from Google Cloud Next! Today we interview some of the many Google Cloud Partners attending the conference.
Daily Highlights: Full Day 3 Keynote; 100 announcements (!) from Google Cloud Next ‘17
Interviews
Cornelius and Neal: Cornelius Willis is the Head of Marketing for Google Cloud Platform, and Neal Mueller is a Product Marketing Lead also at Google Cloud Platform. They joined us today to tell us more about Titan, a new Trusted Platform Module designed by Google and for Google Cloud Platform, and a very fancy jewelry accessory! Watch Urs Hölzle talk about his earring/Trusted Platform Module here.
Miles Ward: Miles Ward is the Global Head of Solutions at Google Cloud Platform, and he joins us to share his Cloud Next experience and that of some of the many customers he got to interact with. You can find all of our Google Cloud Platform Solutions at cloud.google.com/solutions.
More about Cloud Next: This is the last episode of Google Cloud Next, but you can find a great amount of content on the Google Cloud YouTube Channel.
ThunderStrike 2: Sith Strike
Trammell Hudson, Vice President, Two Sigma Investments
Xeno Kovah, Co-founder, LegbaCore, LLC
Corey Kallenberg, Co-Founder, LegbaCore, LLC
The number of vulnerabilities in firmware disclosed as affecting Wintel PC vendors has been rising over the past few years. Although several attacks have been presented against Mac firmware, unlike their PC counterparts, all of them required physical presence to perform. Interestingly, when contacted with the details of previously disclosed PC firmware attacks, Apple systematically declared themselves not vulnerable. This talk will provide conclusive evidence that Macs are in fact vulnerable to many of the software only firmware attacks that also affect PC systems. In addition, to emphasize the consequences of successful exploitation of these attack vectors, we will demonstrate the power of the dark side by showing what Mac firmware malware is capable of.
Trammell Hudson enjoys taking things apart and understanding how they work. He presented the Thunderstrike firmware vulnerability at 31C3, created the Magic Lantern firmware for Canon cameras, and teaches classes at the Brooklyn hackerspace NYC Resistor. Twitter: @qrs Web: https://trmm.net/
Xeno Kovah's speciality area is stealth malware and its ability to hide from security software and force security software to lie. To combat such attacks he researches trusted computing systems that can provide much stronger security guarantees than normal COTS. He co-founded LegbaCore in 2014 to help improve security at the foundation of computing systems. He is also the founder and lead contributor to OpenSecurityTraining.info. He has posted 9 full days of class material on x86 assembly, architecture, binary formats (PE and ELF), and Windows rootkits to OpenSecurityTraining.info. Twitter: @XenoKovah Twitter: @legbacore
Corey Kallenberg is a co-founder of LegbaCore, a consultancy focused on evaluating and improving host security at the lowest levels.
His specialty areas are trusted computing, vulnerability research and low level development. In particular, Corey has spent several years using his vulnerability research expertise to evaluate limitations in current trusted computing implementations. In addition, he has used his development experience to create and improve upon trusted computing applications. Among these are a timing based attestation agent designed to improve firmware integrity reporting, and an open source Trusted Platform Module driver for Windows. Corey is also an experienced trainer, having created and delivered several technical courses. He is an internationally recognized speaker who has presented at BlackHat USA, DEF CON, CanSecWest, Hack in the Box, NoSuchCon, SyScan, EkoParty and Ruxcon. Twitter: @CoreyKal Twitter: @legbacore
Trusted Computing: security or the end of control over one's own computers? – Brief overview – Keyword: encrypt – the TPM chip, Trusted Platform Module, known as Fritz – Curtained Memory – Microsoft’s Next Generation Secure Computing Base (NGSCB), formerly Palladium – the Nexus – Software technologies: process isolation, sealed storage, secure paths, attestation – Remote … Read more "TA 003 – Chi ha Paura di Palladium?"