
The Dangers of Microsoft Pluton

(gabrielsieben.tech)
733 points | gjsman-1000 | 7 comments
metadat ◴[] No.32234045[source]
Ew. Why are all the chip manufacturers going along with this stupid plan? I want to buy a processor and then own it and have it work in my best interests, not consume electricity and generate heat enforcing draconian 3rd party DRM policies.
Analemma_ ◴[] No.32234486[source]
The conspiratorial answers here are emotionally satisfying, but ultimately wrong. The reason chip makers and OS vendors are adding this is customer demand, by which I mean enterprises. Companies want remote attestation and guaranteed-immutable OS images on their networks, and I honestly can't say I blame them. In a perfect world they could have it and we could somehow firewall it away from the consumer space entirely, but that's not going to happen.
walterbell ◴[] No.32234561{3}[source]
On-premise, open-source, customer-owned remote attestation servers are possible. Avoid outsourcing integrity verification to 3rd-party clouds.
1. wmf ◴[] No.32234629{4}[source]
The same enterprises asking for this stuff are also asking for it to be taken out of their hands because they don't trust themselves to operate it securely or reliably.
2. pmontra ◴[] No.32234737[source]
So this turns into security theater because ultimately they can't trust those third parties either.
3. LtWorf ◴[] No.32234813[source]
They don't care about security, they just want proof that they did what they could when disaster happens.
4. uw_rob ◴[] No.32234878[source]
When it comes to security someone must always sleep with one eye open - co-owning this responsibility is totally reasonable. Microsoft takes security seriously and is investing heavily in it; if they are already in your org's trust boundaries I see no reason why they wouldn't be considered good stewards for this as well.

Besides, at enterprise scale, how do you trust internal teams? It could all be security theater and they aren't delivering on their promises as well.

5. sofixa ◴[] No.32235285{3}[source]
> Microsoft takes security seriously and is investing heavily in it

Some parts of it maybe do. Some others, like multiple different Azure teams, don't even think about anything resembling security, or there wouldn't have been multiple critical and trivially exploitable security vulnerabilities on Azure in the last year only. (If you don't know them, please read up on them. Security is hard, but in those cases nobody even pretended to try!)

6. autoexec ◴[] No.32237183[source]
I'm frankly already appalled by how much data (proprietary data, customer data, employee data, etc) companies are fine leaking to 3rd parties, MS especially. Even if you assume that Microsoft could never ever possibly be hacked, or would never favor one of your competitors enough to hand them your data, Microsoft's MO has often been basically stealing other people's work/ideas and stomping out or absorbing the people they took it from. The data they get from Outlook alone must be worth a fortune, but with everything the OS collects these days it's insane how little anyone cares.
7. notriddle ◴[] No.32241268[source]
You're thinking about companies as monoliths. They are groups of people.

The managers who want remote attestation aren't the people implementing it. They either pay someone else to do it, or they pay someone else to do it. The difference between paying a third-party company and an employee is that employees are more expensive, because the costs aren't amortized over other customers who want the same stuff. Why would they be more trustworthy? Why would they be better at it? Why would it be any less likely to be hacked if you did it at your company than if you outsourced it?