SoylentNews is people

posted by martyb on Wednesday August 10 2016, @11:51PM
from the key-mistake dept.

Microsoft leaked the golden keys that unlock Windows-powered tablets, phones and other devices sealed by Secure Boot – and is now scrambling to undo the blunder.

These skeleton keys can be used to install non-Redmond operating systems on locked-down computers. In other words, on devices that do not allow you to disable Secure Boot even if you have administrator rights – such as ARM-based Windows RT tablets – it is now possible to sidestep this block and run, say, GNU/Linux or Android.

What's more, it is believed it will be impossible for Microsoft to fully revoke the leaked keys.

And perhaps most importantly: it is a reminder that demands by politicians and crimefighters for special keys, which can be used by investigators to unlock devices in criminal cases, will inevitably jeopardize the security of everyone.

Microsoft's misstep was uncovered by two researchers, MY123 and Slipstream, who documented their findings here in a demoscene-themed writeup published on Tuesday. Slip believes Microsoft will find it impossible to undo its leak.

[Continues...]

[...] People are particularly keen to unlock their ARM-powered Surface fondleslabs and install a new operating system because Microsoft has all but abandoned the platform. Windows RT is essentially Windows 8.x ported to 32-bit ARMv7-compatible processors, and Microsoft has stopped developing it. Mainstream support for Surface RT tabs runs out in 2017 and Windows RT 8.1 in 2018.

A policy similar to the leaked debug-mode policy can be used to unlock Windows Phone handsets, too, so alternative operating systems can be installed. A policy provision tool for Windows Phone is already available. We expect to hear more about that soon.

[...] The Secure Boot policies Microsoft is rushing to revoke can't be used to backdoor conversations or remotely hijack systems, but they remind us that this kind of information rarely stays secret.

"This is a perfect real world example about why your idea of backdooring cryptosystems with a 'secure golden key' is very bad," Slipstream wrote, addressing the FBI in particular.

"Smarter people than me have been telling this to you for so long. It seems you have your fingers in your ears. You seriously don't understand still? Microsoft implemented a 'secure golden key' system. And the golden keys got released by Microsoft's own stupidity. Now, what happens if you tell everyone to make a 'secure golden key' system?"

The article goes into considerable background on the leaked keys and how you can use them to circumvent Secure Boot. Happy hacking to anyone who has (or can get a good deal on) a Windows RT tablet!


  • (Score: 2, Interesting) by Francis on Thursday August 11 2016, @01:03AM

    by Francis (5544) on Thursday August 11 2016, @01:03AM (#386463)

    I think a hearty Ha-Haaa is in order.

    I always have to wonder whether it's incompetence or corruption that leads these people to think that putting a backdoor in all those computers is a good thing. And then to not just make it a backdoor, but to use the same key for all of them is just astonishing. Even if the key hadn't been leaked, somebody still would have eventually figured it out.

    When all is said and done, perhaps people should be allowed to own the things that they buy. I know that's crazy talk, but it would solve a lot of these problems.

  • (Score: 5, Insightful) by TheGratefulNet on Thursday August 11 2016, @01:20AM

    by TheGratefulNet (659) on Thursday August 11 2016, @01:20AM (#386469)

    those that build things, build things.

    those that don't, look to control and manipulate others.

    there really are (at least) 2 kinds of people on this planet. and neither really understands the other.

    we don't own things because the non-makers need to do 'something' and this is what we have. data-mined, bombarded with advertising, being told 'privacy is dead, get over it' - this is all their doing. that kind of person - the kind who can't do real things but gets off controlling others.

    it's really too bad. it's hard being the controlled in a world of the controlling. but this is what it is, and for all of humanity, it's been that way (afaict).

    tl;dr; lots of people really suck and they ruin things for the rest of us

    --
    "It is now safe to switch off your computer."
    • (Score: 5, Interesting) by Runaway1956 on Thursday August 11 2016, @02:35AM

      by Runaway1956 (2926) on Thursday August 11 2016, @02:35AM (#386487)

      I thought it easy to be among the controlled. Just slurp up the propaganda drummed into you during your public school years, learn what the authorities will permit, and then just go along to get along.

      The hard part is remaining uncontrolled, in a world where control is ever more ubiquitous. The uncontrolled have to jump through their own hoops - researching the controls, to start with, so that they can learn to avoid the controls. Creating programs that thwart the controls. Being ever watchful for changes to protocols, and maybe even changing the protocols to meet our own needs.

      It's got to be pretty easy to sit down in front of your computer, consume the advertising, plug in your data and your credit card numbers, and just accept whatever spews forth from your screen and your speakers. It's not very enriching, but it's easy. Isn't it? Must be, because at least 90% of our friends, relatives, and neighbors do it.

      It's kinda like marching to the beat of a different drum. The rest of the brigade keeps trying to march over you because you aren't in lockstep with them.

      • (Score: 3, Insightful) by Azuma Hazuki on Thursday August 11 2016, @04:50AM

        by Azuma Hazuki (5086) on Thursday August 11 2016, @04:50AM (#386511)

        It's easy until the ones doing the controlling start hurting you. This crap is precisely why I started on Linux over 12 years ago (yeeee gods, has it been THAT long already...?). Mostly everything you said up there was completely true, and sad to say I think we've lost this one: the technology is too ubiquitous and the knowledge gap too great to save the system as it is now. Things are going to have to collapse, to some degree or another, before they improve.

        --
        I am "that girl" your mother warned you about...
        • (Score: 0) by Anonymous Coward on Thursday August 11 2016, @06:32PM

          by Anonymous Coward on Thursday August 11 2016, @06:32PM (#386712)

          While there were suspicions about the capability to coopt computer hardware (especially x86) since the mid 90s (SMM/option roms before all the modern stuff became standard), it is becoming increasingly difficult to have both hardware and software you can trust. All of the ARM/x86 hardware has drm and signed firmware baked in that makes it possible there are integrated escalation attacks an owner of the hardware can't easily filter, omit, or disable. And on the software side the majority of software both proprietary and libre is run by the same few dozen organizations, many of which have lots to lose if they don't toe a great deal of government's lines, and who may either put pressure on, or simply plant a mole in their development teams in order to ensure exploits are available in the event future attacks, either targeted or broad are deemed necessary.

          While it is possible some niche device that respects end users' control, ownership, and privacy above that of corporations and governments will be made available, so far it hasn't, and all the in-development hardware that could be made capable of that has so far not made it into products outside the realm of embedded systems (see J2 and RISC-V derivatives.) There are currently patent-free busses fully capable of integrating with 'closed/encumbered' busses like PCI Express to allow us to build systems to take full advantage of modern peripheral hardware for maximum performance, but nobody producing hardware seems to be putting in the work to make it happen at a price point that would lead its sales to scale.

      • (Score: 0) by Anonymous Coward on Thursday August 11 2016, @05:56AM

        by Anonymous Coward on Thursday August 11 2016, @05:56AM (#386524)

        What a bunch of masturbatory self-congratulation. Runaway as John Galt!

        • (Score: 1, Informative) by Anonymous Coward on Thursday August 11 2016, @06:16AM

          by Anonymous Coward on Thursday August 11 2016, @06:16AM (#386531)

          And yet he's completely correct. How many people surrender their information to scummy companies like Facebook? How many people do not care or know about freedom-respecting software? How many people support or do not care about government mass surveillance? It sure seems like a majority of the population.

          • (Score: 2) by sjames on Thursday August 11 2016, @07:00AM

            by sjames (2882) on Thursday August 11 2016, @07:00AM (#386538)

            Do not confuse learned helplessness with support or approval. Do not confuse ignorance with apathy.

            • (Score: 0) by Anonymous Coward on Thursday August 11 2016, @10:08AM

              by Anonymous Coward on Thursday August 11 2016, @10:08AM (#386558)

              > Do not confuse learned helplessness with support or approval.

              Do not confuse ignorance (and intentional obfuscation - EULAs) with learned helplessness (which *requires effort* without effect)

              > Do not confuse ignorance with apathy.

              I have educated scores of persons. To a one the reply is a variation on "oh that's kind of creepy" and zero usage change. Ignorance transmutes to apathy on this specific subject, in North America, across classes.

              • (Score: 0) by Anonymous Coward on Thursday August 11 2016, @12:36PM

                by Anonymous Coward on Thursday August 11 2016, @12:36PM (#386569)

                People make trade-offs.
                People assign different values to things than you do.
                That doesn't make you an awesome person.

    • (Score: 1) by anubi on Thursday August 11 2016, @07:51AM

      by anubi (2828) on Thursday August 11 2016, @07:51AM (#386543)

      > we don't own things because the non-makers need to do 'something' and this is what we have. data-mined, bombarded with advertising, being told 'privacy is dead, get over it'

      Now change that a bit to being told the concept of "imaginary property" is also dead... and suddenly the face changes!

      --
      "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
  • (Score: 3, Interesting) by Snotnose on Thursday August 11 2016, @02:30AM

    by Snotnose (1623) on Thursday August 11 2016, @02:30AM (#386486)

    > I always have to wonder whether it's incompetence or corruption that leads these people to think that putting a backdoor in all those computers is a good thing.

    I think it's a combination of both. In today's government people that rise that high take what you and I would consider corrupt as business as usual. People that rise that high are better at politics and accepting favors than actually figuring out anything more complicated than if you have 1 cup of tea in the microwave, if you put the second cup in should you nuke them both for 1.5x or 2x that of the single cup.

    Those peeps who could actually comprehend stuff like cryptography typically suck at politics, so they get to heat the boss' tea.

    --
    When the dust settled America realized it was saved by a porn star.
    • (Score: 2, Interesting) by Anonymous Coward on Thursday August 11 2016, @10:21AM

      by Anonymous Coward on Thursday August 11 2016, @10:21AM (#386561)

      This inquiring mind wants to know now!

      I always took microwave wattages, with the fact that things outside the unit don't get heated, to mean that at full power that wattage is fully converted to heat.

      But of course that's not true. Power could be lost to heating parts inside the unit (and surely the transformers heat). There might be other effects that make it nonlinear.

      And that's assuming a short cook. If heated over a longer time thermal dissipation might make it > 2x for double the material?!?

      Tell us tell us Snotnose!

  • (Score: -1, Flamebait) by Anonymous Coward on Thursday August 11 2016, @02:43AM

    by Anonymous Coward on Thursday August 11 2016, @02:43AM (#386488)

    > I always have to wonder

    Yes, we know, Francis. Another thing you didn't know? Astounding!

    • (Score: 1) by Francis on Friday August 12 2016, @12:10AM

      by Francis (5544) on Friday August 12 2016, @12:10AM (#386837)

      Worst troll ever.