The Dangers of Microsoft Pluton

(gabrielsieben.tech)
733 points gjsman-1000 | 1 comments
__void No.32235294
nowadays 98% of things implying "security" are actually unwanted products, protections for "the other side" or trivial distortions of reality where, conveyed by "security" itself, the user himself becomes the product

- no, I don't need protections for the side channel, I never asked for them

- no, I don't need a unique identifier, who is the demented person who asked you for it

- no, I am not going to glitch the power supply, and even if I did it means I am interested in doing it and wish it worked instead of being prevented from doing it

- no, I don't care at all about having a hw store for certificates, which are ephemeral and dropped from above anyway so what am I supposed to trust?

- and so on

"not secure by design" nowadays comes close to being a coveted feature

1. darzu No.32239187
It’s worth distinguishing between security against software attacks and security against physical “attacks”.

I absolutely don’t want my internet-connected pet cam to be accessed remotely (outside the set of companies I’ve decided to trust, namely the manufacturer).

Protection against hardware tampering is less good and probably mostly anti-consumer. The most legitimate cases I’ve heard:

- Protection from (some) supply chain attacks

- Leasing models, where you acquire the item for less than its hardware cost and pay over time.

But honestly I’m not convinced of either.

Disclosure: I worked on Azure Sphere, the first place Pluton was developed outside Xbox.

Edit: I’ve read the whole article now. These scenarios are really bad and really realistic. Pluton is bad.