
Re: KillerGerbil post# 212138

Sunday, 07/03/2011 8:31:44 PM

Post# of 249202
The video from the NSA Trusted Computing conference last September specifically describes this scenario from the Time article and speaks about how Trusted Computing provides solutions.

LulzSec may be the headline hacker, but it's not the most malevolent. The black-hat, criminal side of the practice is booming by adopting a similar approach. Cyberthieves have shifted their focus to social networks. Instead of attacking corporate firewalls head-on, they are breaching corporate sites using social engineering, convincing someone within a company that an e-mail is from a friend or colleague. It's a technique called spear phishing: the idea is to identify vulnerable targets — say, someone in human resources or finance — and, through them, burrow into corporate networks. They are feasting on small and medium-size businesses like wolves on lambs.


http://www.nsa.gov/ia/programs/h_a_p/index.shtml
Click on the “HAP security defeats sophisticated attackers” video link on the right side of the page.

Reviewing this made it clear that TPMs are an important part of the solution, and also that companies need to put forth a certain amount of effort to understand and implement a full solution, which Wave can be a part of. (This probably has nothing to do with the Sony situation, although I have no idea what happened at Sony.)

Below is a transcript of the part, about 2/3 of the way through, that talks specifically about the Trusted Computing defenses to the scenario they show.

“What prevented Brian from breaking into the host OS? One of the key benefits of Trusted Computing that we mentioned at the beginning of the demo is secure domain separation. Cloudburst and similar exploits take advantage of security vulnerabilities like heap or stack-based memory buffer overflows, direct memory access weaknesses, and insufficient process isolation, to gain unauthorized access to system resources and other processes. To block these attacks and ensure secure domain separation, HAP leverages several commercial security technologies. These include hardware security components such as Intel TXT and VT-d, that protect memory and execution space and that isolate input/output devices. They also include Red Hat Enterprise Linux with strict SELinux security policies as the host OS, and VMware virtualization software that has been configured to eliminate vulnerabilities.

“Stopping attacks like the ones we have shown is critical, but since it is unrealistic to assume that we can be 100% successful preventing all attacks, it’s even more important to know with confidence whether machines are safe or have been compromised. Bruce had no idea his machine was compromised. Trusted Computing does this through measured boot and remote attestation. Each time a HAP workstation boots it goes through a measured boot process in which critical software measurements are stored on the Trusted Platform Module, an embedded hardware security chip. The TPM, already a core hardware component on most enterprise PCs, is vital because it provides a secure root of trust for the workstation. It stores system measurements and cryptographic keys where they are safe from software-based attacks. When a HAP workstation tries to connect to the network a network authentication server verifies the measurements and machine identity. This process is known as remote attestation. If the new measurement of the software matches the stored safe measurement and if the machine identity is verified, network connection is allowed. But if the software has changed or if the machine identity is wrong, network connection can be denied.”
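
The measured boot and remote attestation flow described in the transcript, as an added sketch that is not part of the original post or of the HAP software. Assumptions: SHA-256 as the PCR hash, an HMAC with a per-device key standing in for the TPM's asymmetric quote signature, and constructed names (`ws-01`, the boot stage strings, the key).

```python
import hashlib
import hmac
import os

PCR_INIT = bytes(32)  # static PCRs start at all zeroes after a platform reset


def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM extend: new PCR = H(old PCR || H(component)). Order-sensitive, one-way."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measured_boot(chain: list) -> bytes:
    """Measure each boot stage into one PCR before control passes to it."""
    pcr = PCR_INIT
    for component in chain:
        pcr = extend(pcr, component)
    return pcr


def quote(device_key: bytes, pcr: bytes, nonce: bytes) -> bytes:
    """Stand-in for a TPM quote binding the PCR value to the verifier's nonce.
    Assumption: HMAC replaces the signature a real TPM makes with its own key."""
    return hmac.new(device_key, nonce + pcr, hashlib.sha256).digest()


def attest(enrolled: dict, machine_id: str, pcr: bytes, nonce: bytes, sig: bytes) -> str:
    """Authentication-server side: verify machine identity, then the measurement."""
    record = enrolled.get(machine_id)
    if record is None:
        return "deny: unknown machine"
    if not hmac.compare_digest(quote(record["key"], pcr, nonce), sig):
        return "deny: machine identity not verified"
    if not hmac.compare_digest(pcr, record["golden_pcr"]):
        return "deny: software measurement changed"
    return "allow"


# Constructed sample data: boot stages are placeholder byte strings.
GOOD_CHAIN = [b"bios-v1", b"bootloader-v1", b"hypervisor-v1", b"host-os-v1"]
DEVICE_KEY = b"constructed-demo-key"
ENROLLED = {"ws-01": {"key": DEVICE_KEY, "golden_pcr": measured_boot(GOOD_CHAIN)}}


def connect(machine_id: str, chain: list, key: bytes) -> str:
    """One attestation round: fresh server nonce, workstation answers with a quote."""
    nonce = os.urandom(16)
    pcr = measured_boot(chain)
    return attest(ENROLLED, machine_id, pcr, nonce, quote(key, pcr, nonce))
```

Because the quote covers a fresh nonce, a quote captured from an earlier healthy boot fails the identity check when replayed against a new challenge.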
