zlacker

[parent] [thread] 1 comments
1. null0p+(OP)[view] [source] 2023-07-27 21:49:14
Ok let me know when there’s an OS or browser that’s totally secure. Attestation does not prove that a device meets any security bar. And likewise lack of attestation does not prove that a device does not meet a security bar. Attestation merely shows that a device has been “allowed”. You might argue that all devices with attestation have been audited for security so at least that provides some standard. How well did audits work in the past for things like mortgage backed securities in 2008? No, it doesn’t provide any guarantee other than the power that be are empowered to grant themselves and their friends privileged status while leaving everybody else without a device that can run the software they want.
replies(1): >>charci+Th
2. charci+Th[view] [source] 2023-07-28 00:05:44
>>null0p+(OP)
>Ok let me know when there’s an OS or browser that’s totally secure.

As an industry we are getting better at security and finding and patching vulnerabilities.

>Attestation does not prove that a device meets any security bar.

But it can prove that a device's software and hardware is running software and hardware that does pass your security bar.

>No, it doesn’t provide any guarantee other than the power that be are empowered to grant themselves and their friends privileged status while leaving everybody else without a device that can run the software they want.

Security doesn't have to be perfect in order to be beneficial.

[go to top]