
You do not store certificates on an HSM, you generate the private key on it and use that to sign things. Certificates that end up in actual use are many chains removed from the root keys.


You don't ship HSMs with keys (you initialise them on-device yourself) nor can you read keys out from one (at least in theory).
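The two properties described above (the key is generated on the device and only a signing operation is ever exposed; the certificates actually deployed sit several links down a chain from the root key) can be shown with Go's standard library. The block below is an added illustration, not code from the commenter or from any HSM vendor: `hsmSigner` is a stand-in for a hardware module that implements only `crypto.Signer`, and the names (`BuildChain`, `ChainLength`, the "Example ... (constructed)" subjects, `service.example`) are invented for the example. A real HSM would be driven through PKCS#11 or a vendor SDK behind the same `crypto.Signer` interface.

```go
package main

import (
	"crypto"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"time"
)

// hsmSigner stands in for a hardware security module (added example, not a
// real driver). The key pair is generated inside it, and the only methods
// exposed are the crypto.Signer ones that x509.CreateCertificate needs, so
// the private key never leaves the struct.
type hsmSigner struct {
	priv ed25519.PrivateKey // unexported: no method ever returns it
	pub  ed25519.PublicKey
}

// newHSMSigner models initialising the device yourself: the key is born on it.
func newHSMSigner() (*hsmSigner, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &hsmSigner{priv: priv, pub: pub}, nil
}

func (h *hsmSigner) Public() crypto.PublicKey { return h.pub }

// Sign is the only operation offered: data goes in, a signature comes out.
func (h *hsmSigner) Sign(r io.Reader, msg []byte, opts crypto.SignerOpts) ([]byte, error) {
	return h.priv.Sign(r, msg, opts)
}

// issue signs template (holding pub) with the parent's signer and parses the result.
func issue(template, parent *x509.Certificate, pub crypto.PublicKey, signer crypto.Signer) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, template, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// caTemplate builds a CA certificate template valid for one year from now.
func caTemplate(cn string, serial int64) *x509.Certificate {
	now := time.Now()
	return &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
}

// BuildChain creates root -> intermediate -> leaf. Only the root key lives in
// the simulated HSM; the intermediate and leaf keys are ordinary software keys.
func BuildChain() (root, inter, leaf *x509.Certificate, err error) {
	rootHSM, err := newHSMSigner()
	if err != nil {
		return nil, nil, nil, err
	}
	rootTmpl := caTemplate("Example Root CA (constructed)", 1)
	root, err = issue(rootTmpl, rootTmpl, rootHSM.Public(), rootHSM) // self-signed
	if err != nil {
		return nil, nil, nil, err
	}
	interPub, interPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, nil, err
	}
	inter, err = issue(caTemplate("Example Intermediate CA (constructed)", 2), root, interPub, rootHSM)
	if err != nil {
		return nil, nil, nil, err
	}
	leafPub, _, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, nil, err
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(3),
		Subject:      pkix.Name{CommonName: "service.example (constructed)"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(90 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		DNSNames:     []string{"service.example"},
	}
	leaf, err = issue(leafTmpl, inter, leafPub, interPriv) // signed by the intermediate, never by the root
	return root, inter, leaf, err
}

// ChainLength verifies leaf against root via inter and returns the number of
// certificates in the resulting chain (leaf, intermediate, root = 3).
func ChainLength(root, inter, leaf *x509.Certificate) (int, error) {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	inters.AddCert(inter)
	chains, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters, DNSName: "service.example"})
	if err != nil {
		return 0, err
	}
	return len(chains[0]), nil
}

func main() {
	root, inter, leaf, err := BuildChain()
	if err != nil {
		panic(err)
	}
	n, err := ChainLength(root, inter, leaf)
	fmt.Println("chain length:", n, "err:", err)
	_, err = ChainLength(root, root, leaf) // leaf without its intermediate does not reach the root
	fmt.Println("without intermediate:", err)
}
```

The point of the `hsmSigner` type is that nothing outside it can obtain `priv`; the root is used exactly once per intermediate issuance, and the leaf that a service actually presents was signed by a software intermediate, two links away from the hardware-held key.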


If the goal is to gain access to an HSM's signing functionality and you don't need to know the HSM's keys to gain access to its signing functionality, then something else is being guarded that is essentially the key. For example, be it a machine locked in a room, then the room key is the key. Or maybe someone's retina, or a sign-off from someone with clearance, etc. (at least in theory)

That's a general theory though, but I'd think the same fundamentals apply.

Also this only serves to prove that some powerful entity that operates on secrecy, like a government or mega corp, is likely who executed this. I’d like to fantasize some suave, determined black market salesman with a rough childhood and his band of cyber criminals broke into both of these facilities, but seeing how difficult it is to accomplish something like this, it seems more likely that someone just let them in through the front door.


In theory, theory and practice are the same, in practice they're not.


Well, an HSM that doesn't meet those requirements is essentially spoiled milk and of little value. I agree many HSMs are found vulnerable eventually.


Give access to cleaners? Renting? Airbnb?


This and just the economics of it. It makes sense to sell at what price the market can handle, as long as it's above direct production cost (which it is). It's basically cheap marketing that happens to align with patient interests.

edit: A lot of it is also politics with the host country. India for example has said it will produce cheap generics of drugs if it wants to, ignoring patents: https://www.forbes.com/sites/johnlamattina/2013/04/08/indias...


Remote control of assets is not going to go away, we will need to adapt as an industry to produce secure systems.


Secure remote control requires secure systems, which in turn requires secure humans, and we will never solve this last requirement.

The way around this is by preventing systemic attacks. Analogous is how paper voting—while vulnerable to things like vote stuffing—isn't susceptible to the systemic problems that electronic voting typically is.


I'd say secure systems need to be based on the assumption of insecure humans. Nothing is absolute in security but we definitely should start the analysis expecting people to behave incorrectly and insecurely. This is not a new problem: https://en.wikipedia.org/wiki/Byzantine_fault_tolerance


And it's unknown which factors here are cultural and which are biological. Society is trying to treat this as only a cultural thing but we're still highly evolved cellular automatons.


That's a strong statement with zero backing. Who else should be equal?

This experiment has been tried and it failed miserably, read up on the Soviet Union.


You are totally right, helmets should be mandatory for bikes too :)


Don't let perfect be the enemy of good here, replacing doughnuts, chips, bagels and pasta with say black rice or boiled potatoes still has nutrient benefits. Just choose something with an incrementally better nutrient profile.


Totally. I deliberately chose bagels and pasta as being foods as calorie-rich and nutritionally empty as a can of coke. Yet people think their pasta salad is healthy.


And I completely misread what you wrote at first, we're in perfect agreement :)


I've been eyeing BioImplant for a few years now, wondering why they don't get more coverage. Any stories on that? A panacea would be something like this with a bio-engineered PDL.


This has been a source of great frustration.

There are many implant companies, all vying for attention. It's difficult to fight through all the noise. The top academic journals are another barrier: their main concern appears to be to maintain the status quo.

Popular science journalists didn't express any interest when we approached them. I was very surprised by this!

Lastly - and probably most importantly - the company really needs to get a decent PR person on board!

