Showing posts with label VerifiedBoot. Show all posts
Showing posts with label VerifiedBoot. Show all posts

2013-12-31

chromebook #ChromeOS #VerifiedBoot

12.12: web.cyb/sec/chrome's verified boot:
Verified boot provides a means of
getting cryptographic assurances
that the Linux kernel, non-volatile system memory,
and the partition table are untampered with
when the system starts up.
This approach is not "trusted boot"
as it does not depend on a TPM device
or other specialized processor features.
Instead, a chain of trust is created
using custom read-only firmware
that performs integrity checking on
a writable firmware.
The verified code in the writable firmware
then verifies the next component in the boot path,  and so on. 
11.8: news.cyb/chrome/doing well while ms declines:
. chromebooks grow while microsoft shrivels?
. promising better security makes a diff .
12.25: best-seller on amazon:
. the best selling laptop on amazon.com [2013.1]
was the Samsung ARM-powered, Linux-based Chromebook.

7.28: news.cyb/chrome/sec
/some vulnerabilities found but many avoided:
application-sandboxes-a-pen-testers-perspective .
see also pdf .
. Chrome OS kernel exploits are not easy,
but are of medium difficulty to pull off;
OS user mode exploits are very difficult,
and every other penetration test was
not even applicable to Chrome OS
-- these included off the shelf exploits,
and various sandbox leakages:
keylogging, remote webcam/mic access,
clipboard hijack, screen scraping,
file stealing, network shares access . 

2013-12-15

you want my wot?!

11.4: pos.cyb/net.mywot/you want my wot?!
. after I found out I really need to
integrate mywot into chrome browser
in order to post reviews of sites;
I was not so sure I felt safe
having them read my every link;
and, with malware so good at cracking any site,
what is the purpose of a service like mywot
that pretends today's safe site
is likely to be tomorrow's safe site ?
12.15:
. simply trust who you have to;
and have separate virtual machines
for each level of trust;
eg, have at least these levels:
# banks,
# the pit for everyone else .
. when I want to use my bank,
I restart my chromebook
to have its verified boot flush the malware .