SoylentNews is people
SoylentNews
Microsoft leaked the golden keys that unlock Windows-powered tablets, phones and other devices sealed by Secure Boot – and is now scrambling to undo the blunder.
These skeleton keys can be used to install non-Redmond operating systems on locked-down computers. In other words, on devices that do not allow you to disable Secure Boot even if you have administrator rights – such as ARM-based Windows RT tablets – it is now possible to sidestep this block and run, say, GNU/Linux or Android.
What's more, it is believed it will be impossible for Microsoft to fully revoke the leaked keys.
And perhaps most importantly: it is a reminder that demands by politicians and crimefighters for special keys, which can be used by investigators to unlock devices in criminal cases, will inevitably jeopardize the security of everyone.
Microsoft's misstep was uncovered by two researchers, MY123 and Slipstream, who documented their findings here in a demoscene-themed writeup published on Tuesday. Slip believes Microsoft will find it impossible to undo its leak.
[Continues...]
[...] People are particularly keen to unlock their ARM-powered Surface fondleslabs and install a new operating system because Microsoft has all but abandoned the platform. Windows RT is essentially Windows 8.x ported to 32-bit ARMv7-compatible processors, and Microsoft has stopped developing it. Mainstream support for Surface RT tabs runs out in 2017 and Windows RT 8.1 in 2018.
A policy similar to the leaked debug-mode policy can be used to unlock Windows Phone handsets, too, so alternative operating systems can be installed. A policy provision tool for Windows Phone is already available. We expect to hear more about that soon.
[...] The Secure Boot policies Microsoft is rushing to revoke can't be used to backdoor conversations or remotely hijack systems, but they remind us that this kind of information rarely stays secret.
"This is a perfect real world example about why your idea of backdooring cryptosystems with a 'secure golden key' is very bad," Slipstream wrote, addressing the FBI in particular.
"Smarter people than me have been telling this to you for so long. It seems you have your fingers in your ears. You seriously don't understand still? Microsoft implemented a 'secure golden key' system. And the golden keys got released by Microsoft's own stupidity. Now, what happens if you tell everyone to make a 'secure golden key' system?"
The article goes into considerable background on the leaked keys and how you can use them to circumvent Secure Boot. Happy hacking to anyone who has (or can get a good deal on) a Windows RT tablet!
(Score: 5, Interesting) by Runaway1956 on Thursday August 11 2016, @02:35AM
I thought it easy to be among the controlled. Just slurp up the propaganda drummed into you during your public school years, learn what the authorities will permit, and then just go along to get along.
The hard part is remaininc uncontrolled, in a world where control is ever more ubiquitous. The uncontrolled have to jump through their own hoops - researching the controls, to start with, so that they can learn to avoid the controls. Creating programs that thwart the controls. Being ever watchful for changes to protocols, and maybe even changing the protocols to meet our own needs.
It's got to be pretty easy to sit down in front of your computer, consume the advertising, plug in your data and your credit card numbers, and just accept whatever spews forth from your screen and your speakers. It's not very enriching, but it's easy. Isn't it? Must be, because at least 90% of our freinds, relatives, and neighbors do it.
It's kinda like marching to the beat of a different drum. The rest of the brigade keeps trying to march over you because you aren't in lockstep with them.
(Score: 3, Insightful) by Azuma Hazuki on Thursday August 11 2016, @04:50AM
It's easy until the ones doing the controlling start hurting you. This crap is precisely why I started on Linux over 12 years ago (yeeee gods, has it been THAT long already...?). Mostly everything you said up there was completely true, and sad to say I think we've lost this one: the technology is too ubiquitous and the knowledge gap too great to save the system as it is now. Things are going to have to collapse, to some degree or another, before they improve.
I am "that girl" your mother warned you about...
(Score: 0) by Anonymous Coward on Thursday August 11 2016, @06:32PM
While there were suspicions about the capability to coopt computer hardware (especially x86) since the mid 90s (SMM/option roms before all the modern stuff became standard), it is becoming increasingly difficult to have both hardware and software you can trust. All of the ARM/x86 hardware has drm and signed firmware baked in that makes it possible there are integrated escalation attacks an owner of the hardware can't easily filter, omit, or disable. And on the software side the majority of software both proprietary and libre is run by the same few dozen organizations, many of which have lots to lose if they don't toe a great deal of government's lines, and who may either put pressure on, or simply plant a mole in their development teams in order to ensure exploits are available in the event future attacks, either targeted or broad are deemed necessary.
While it is possible some niche device that respects end users control, ownership, and privacy above that of corporations and governments will be made available, so far it hasn't, and all the in development hardware that could be made capable of that has so far not made it into products outside the realm of embedded systems (see J2 and RISC-V derivatives.) There are currently patent free busses fully capable of integrating with 'closed/encumbered' busses like PCI Express to allow us to build systems to take full advantage of modern peripheral hardware for maximum performance, but nobody producing hardware seems to be putting in the work to make it happen at a price point that would lead its sales to scale.
(Score: 0) by Anonymous Coward on Thursday August 11 2016, @05:56AM
What a bunch of masturbatory self-congratulation. Runaway as John Galt!
(Score: 1, Informative) by Anonymous Coward on Thursday August 11 2016, @06:16AM
And yet he's completely correct. How many people surrender their information to scummy companies like Facebook? How many people do not care or know about freedom-respecting software? How many people support or do not care about government mass surveillance? It sure seems like a majority of the population.
(Score: 2) by sjames on Thursday August 11 2016, @07:00AM
Do not confuse learned helplessness with support or approval. Do not confuse ignorance with apathy.
(Score: 0) by Anonymous Coward on Thursday August 11 2016, @10:08AM
> Do not confuse learned helplessness with support or approval.
Do not confuse ignorance (and intentional obfuscation - EULAs) with learned helplessness (which *requires effort* without effect)
> Do not confuse ignorance with apathy.
I have educated scores of persons. To a one the reply is a variation on "oh that's kind of creepy" and zero useage change. Ignorance transmutes to apathy on this specific subject, in North America, across classes.
(Score: 0) by Anonymous Coward on Thursday August 11 2016, @12:36PM
People make trade-offs.
People assign different values to things than you do.
That doesn't make you an awesome person.