zlacker

[return to "The Dangers of Microsoft Pluton"]
1. Gh0stR+eg[view] [source] 2022-07-26 06:26:56
>>gjsman+(OP)
I'm completely missing how his example of a Word document that can only be opened by approved users on approved hardware within the corporation is supposed to be a bad thing.

Honestly, that sounds pretty fantastic. I've been using 3rd party tools/extensions to do this sort of thing in corporate and government environments for years, but having the attestation go all the way down to the hardware level is a big value-add, especially with so much ransomware/spyware/extortion/espionage going on these days.

Can someone please explain to me how the author might see this level of security as a bad thing?

◧◩
2. squiff+qi[view] [source] 2022-07-26 06:47:34
>>Gh0stR+eg
Sure it's fantastic in a corporate environment. Not so fantastic for personal devices. Basically this: https://youtu.be/XgFbqSYdNK4
◧◩◪
3. nine_k+8p[view] [source] 2022-07-26 08:02:23
>>squiff+qi
Well, don't put that on a personal device.

It's like your company giving you serious protecting gear to wear while doing your work on a nuclear reactor is a good thing. But having to wear such gear at home is not a popular choice, and should not be required.

◧◩◪◨
4. palata+ks[view] [source] 2022-07-26 08:34:42
>>nine_k+8p
How do you choose what you put in your CPU? What when Windows forces you to have that kind of hardware?

You can choose not to wear that gear, but choosing to not use Windows is much more complicated, at least for most people.

◧◩◪◨⬒
5. joseph+Yw[view] [source] 2022-07-26 09:24:12
>>palata+ks
I imagine if the proponents of these systems had their way, they'd add remote attestation to websites too. Imagine your bank's website only loading on a "secure" windows environment, non-rooted android phone or an iphone.

Once these chips are in everyone's devices, it would be quite easy to add this stuff technically. And in doing so, break the web on non-approved hardware or software (like linux).

Edit: Actually on the subject of worst case scenarios: If the trusted computing attestation process was extended through the web browser, it would be possible to build a website which is impossible to scrape or interact with in any unapproved way, from any unapproved device. Eat your heart out Aaron Schwartz.

◧◩◪◨⬒⬓
6. nobody+Ay[view] [source] 2022-07-26 09:40:46
>>joseph+Yw
> imagine if the proponents of these systems had their way, they'd add remote attestation to websites too. Imagine your bank's website only loading on a "secure" windows environment, non-rooted android phone or an iphone.

Actually, IIUC this is already the case on Android[0].

Some (many? most?) banks/banking apps are rejecting (and/or complaining about) access from rooted phones right now.

I can't confirm this personally, as I'd rather have my tonsils extracted through my ears than use a surveillance device^W^W smart phone to do anything financially related.

Perhaps someone who uses banking apps on their surveillance device could chime in on that?

[0] https://www.howtogeek.com/241012/safetynet-explained-why-and...

◧◩◪◨⬒⬓⬔
7. vetina+WO[view] [source] 2022-07-26 12:09:02
>>nobody+Ay
> I'd rather have my tonsils extracted through my ears than use a surveillance device^W^W smart phone to do anything financially related.

Well, it gets even better, even for folks with principles like you have.

If you want to use general computer, you need to log in. For logging in, you need second factor. That second factor is going to be in 99,99% cases exactly the app in the smartphone, that refuses to run on rooted devices.

So no avoidance, if you want access to your account.

[go to top]