
The Dangers of Microsoft Pluton

(gabrielsieben.tech)
733 points gjsman-1000 | 8 comments
Gh0stRAT ◴[] No.32235028[source]
I'm completely missing how his example of a Word document that can only be opened by approved users on approved hardware within the corporation is supposed to be a bad thing.

Honestly, that sounds pretty fantastic. I've been using 3rd party tools/extensions to do this sort of thing in corporate and government environments for years, but having the attestation go all the way down to the hardware level is a big value-add, especially with so much ransomware/spyware/extortion/espionage going on these days.

Can someone please explain to me how the author might see this level of security as a bad thing?

replies(18): >>32235120 #>>32235149 #>>32235164 #>>32235474 #>>32235546 #>>32235795 #>>32235875 #>>32236359 #>>32236639 #>>32236668 #>>32236673 #>>32236797 #>>32236864 #>>32237450 #>>32237580 #>>32238544 #>>32238583 #>>32240740 #
1. qweqwerwerwerwr ◴[] No.32236673[source]
what's stopping someone from taking photos of your precious document and posting them on 4chan?

nothing. there's nothing you can do to stop that.

replies(3): >>32236946 #>>32236951 #>>32237044 #
2. dane-pgp ◴[] No.32236946[source]
In corporate and government environments, I imagine that they'll ban employees / civil servants from bringing camera(phone)s to work, and necessarily forbid them working from home.

The only question is whether they will trust metal detectors to prevent whistleblowers from bringing in these devices, or if they will rely on strip searches and CCTV.

3. fsflover ◴[] No.32236951[source]
Try to scan banknotes with a scanner and you will see.
replies(2): >>32237160 #>>32240976 #
4. autoexec ◴[] No.32237044[source]
I can discreetly copy GBs of email messages and word docs in a reasonable amount of time, but I couldn't discreetly take cell phone pictures of every page of every one of those messages and documents if I had years to do it. You don't always have to prevent something 100% of the time in every possible situation to have a devastating effect on people who want to do that thing.
replies(1): >>32237259 #
5. qweqwerwerwerwr ◴[] No.32237160[source]
if you mean there are scanners that prevent you from scanning a banknote, that's another great example of wasting time, money and resources to accomplish nothing
6. qweqwerwerwerwr ◴[] No.32237259[source]
I've just provided the easiest example of bypassing any boomer security nonmeasures. give a dedicated and competent attacker 15 minutes alone with your highly secure machine and highly sensitive documents, and if your entire security model depends on DRM rather than actually effective methods, they will figure out how to exfiltrate it all.
7. anthk ◴[] No.32240976[source]
Linux/BSD will do it fine.
replies(1): >>32244288 #
8. fsflover ◴[] No.32244288{3}[source]
I thought it was in the scanner firmware.