This one is even worse than the wireless issue. This came across an alias at work
“A crippling flaw in a widely used code library has fatally undermined the security of millions of encryption keys used in some of the highest-stakes settings, including national identity cards, software- and application-signing, and trusted platform modules protecting government and corporate computers.
The weakness allows attackers to calculate the private portion of any vulnerable key using nothing more than the corresponding public portion.”
This flaw affects TPM chips used in laptops as well, requiring firmware updates. . Apparently you’d need to suspend BitLocker, apply the OS update, firmware update, clear TPM, re-enable BitLocker in order to fix the vuln.
This reminds me of one of my first jobs (gubmint of AZ) where our super secret squirrel user IDs were based directly and solely on employees social security numbers (it was a simple base 36 conversion). I recognized what was happening instantly (long story…) and indicated publicly the issues I had with that. Of course, I was the one that got in trouble ("what, you mean my crappy 30K/year gubmint job is at risk…say it isn’t so!) rather than the programmer/team that came up with it and put everyone’s personal info at risk.
And that’s the bright spot in all this, same as KRACK. The underlying crypto is still valid, it’s just shoddy workmanship on top of it. Makes addressing it painful but possible.
bahaha… never once trusted “trusting computing” I even find UEFI suspicious.
Good thing no one ever really uses Infineon SmartCards. Oh wait… does this mean that our credit cards are exploitable?! A quick product search show YES.