
The Dangers of Microsoft Pluton

(gabrielsieben.tech)
733 points by gjsman-1000 | 1 comment
__void No.32235294
Nowadays, 98% of things implying "security" are actually unwanted products, protections for "the other side", or trivial distortions of reality where, conveyed by "security" itself, the user himself becomes the product.

- no, I don't need protections for the side channel, I never asked for them

- no, I don't need a unique identifier, who is the demented person who asked you for it

- no, I am not going to glitch the power supply, and even if I did, it means I am interested in doing it and wish it worked, instead of being prevented from doing it

- no, I don't care at all about having a hw store for certificates, which are ephemeral and dropped from above anyway so what am I supposed to trust?

- and so on

"not secure by design" nowadays comes close to being a coveted feature

raxxorraxor No.32236328
Security has degraded to snake oil on a lot of topics. Boot infections are really rare and the whole TPM module isn't really needed in my opinion, and I don't want it either for my systems. There are edge cases and sensible applications, but I don't want to see it as standard.
kmeisthax No.32239588
The concern with boot infections isn't for standard everyday malware, which is perfectly happy to just mine crypto on your machine in a sandbox[0] or read out your browser cookiejar for login tokens at normal user privilege. The kinds of people dealing in boot infections these days are three-letter agencies looking to make very difficult-to-detect malware that they can attack other countries' infrastructure with. Likewise the companies that run said infrastructure would rather buy servers and client machines that will defend against such attacks.

Before you say, "well, they're the government, why don't they just compromise the secure boot CA": the problem is that cryptographic signatures create evidence. If someone finds your boot sector malware you don't want it to be attributable, but signatures from an already-trusted entity create exactly the kind of paper trail you'd rather avoid. If Microsoft signs a boot sector virus, then it's obviously a US government cyberweapon, and any companies that find it in their systems will start suing. In this particular context, secure boot is a policy of "no execution without attribution".

[0] Which nowadays can even be done in a browser. Modern browsers actually have to have throttling and CPU usage limits because of this.
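As an added example, not from the thread or from the linked article: a toy model in Go of the "no execution without attribution" policy kmeisthax describes above. A loader holds a trust database of named signers, refuses any image that no enrolled key verifies, and, when an image does verify, returns the name of the party whose key vouched for it. The three cases in main show the point of the comment: an unlisted attacker's bootkit is refused outright, and a bootkit signed with a trusted key does run, but the verification result itself is the attributable evidence the attacker wanted to avoid. Signer names, the KeyID scheme and the payload bytes are constructed for the example; real UEFI Secure Boot checks X.509/Authenticode signatures against the db/dbx variables rather than raw Ed25519 keys, so this is the shape of the check, not firmware code.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Signer is one entry in the loader's trust database: a named party and the
// public key that party is accountable for. Names are hypothetical.
type Signer struct {
	Name string
	Pub  ed25519.PublicKey
}

// SignedImage is a boot payload plus the detached signature the loader must
// check before transferring control. KeyID only helps the loader pick a
// candidate key; it is attacker-controlled and never trusted by itself.
type SignedImage struct {
	Payload   []byte
	Signature []byte
	KeyID     string
}

// ErrNotAttributable means no key in the trust database vouches for the image.
var ErrNotAttributable = errors.New("secure boot: no trusted signer vouches for this image")

// KeyID is a short fingerprint of a public key (first 8 bytes of SHA-256).
func KeyID(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:8])
}

// NewSigner generates a fresh Ed25519 key pair for a hypothetical party.
func NewSigner(name string) (Signer, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // only fails if the OS entropy source is broken
	}
	return Signer{Name: name, Pub: pub}, priv
}

// Sign binds a payload to the signer's key. Whoever holds priv cannot later
// disclaim an image that verifies under the matching public key.
func Sign(priv ed25519.PrivateKey, payload []byte) SignedImage {
	pub := priv.Public().(ed25519.PublicKey)
	return SignedImage{
		Payload:   payload,
		Signature: ed25519.Sign(priv, payload),
		KeyID:     KeyID(pub),
	}
}

// Verify enforces "no execution without attribution": it returns the name of
// the trusted signer whose key verifies the image, or ErrNotAttributable.
// The KeyID hint only selects candidate keys; the signature check decides.
func Verify(db []Signer, img SignedImage) (string, error) {
	for _, s := range db {
		if KeyID(s.Pub) != img.KeyID {
			continue
		}
		if ed25519.Verify(s.Pub, img.Payload, img.Signature) {
			return s.Name, nil
		}
	}
	return "", ErrNotAttributable
}

func main() {
	vendor, vendorPriv := NewSigner("platform-vendor-ca")
	osCA, _ := NewSigner("os-loader-ca")
	_, attackerPriv := NewSigner("unlisted-attacker") // never enrolled in db
	db := []Signer{vendor, osCA}

	// Constructed sample payloads standing in for real boot images.
	loader := []byte("sample: legitimate OS loader")
	bootkit := []byte("sample: boot-sector implant")

	cases := []struct {
		label string
		img   SignedImage
	}{
		{"vendor-signed loader", Sign(vendorPriv, loader)},
		{"attacker-signed bootkit", Sign(attackerPriv, bootkit)},
		{"vendor-signed bootkit", Sign(vendorPriv, bootkit)},
	}
	for _, c := range cases {
		who, err := Verify(db, c.img)
		if err != nil {
			fmt.Printf("%-24s refused: %v\n", c.label, err)
			continue
		}
		// Third case: the implant runs, but the record of who signed it is
		// exactly the paper trail an attacker wants to avoid.
		fmt.Printf("%-24s executes; attributable to %q (key %s)\n", c.label, who, c.img.KeyID)
	}
}
```

Two details worth keeping in a real implementation: the KeyID carried in the image is a lookup hint only, so an attacker who relabels an image with a trusted key's fingerprint still fails the signature check, and any change to the payload after signing (the usual bootkit patching) invalidates the signature rather than inheriting the vendor's attribution.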