|
Coffee Shop Talk of a non sexual Nature Visit Sam's Alfresco Heaven. Singapore's best Alfresco Coffee Experience! If you're up to your ears with all this Sex Talk and would like to take a break from it all to discuss other interesting aspects of life in Singapore, pop over and join in the fun. |
|
Thread Tools |
#1
|
|||
|
|||
Serious WARNING: You're like totally fcuk if you use MS Windows
An honorable member of the Coffee Shop Has Just Posted the Following:
Microsoft accidentally leaks golden keys that unlock every Windows device The keys allow hackers to unlock Windows devices, including tablets and phones Microsoft accidentally leaked the golden keys to the Windows kingdom. The keys allow hackers to unlock every Windows device, including tablets, phones and other devices that are protected by Secure Boot. The most alarming part about the leak is that it is believed that it may likely be impossible for Microsoft to fully recover from the leak. The leakwas uncovered by two security researchers MY123 and Slipstream, who revealed in a (Star Wars-style) blog that the security flaw allowed malicious entities with admin rights or physical access to a device can bypass Secure Boot to not only run other operating systems (OS) like Linux or Android on the device but also install and execute rootkits and bootkits, at the most deeply penetrated level of the device. The leak serves as a reminder of the potential dangers in security when tech firms are pressured by governments and law enforcement agencies into producing special keys that can be used by investigators to unlock devices, in the course of criminal investigations. The researchers wrote: "A backdoor, which MS put in to secure boot because they decided to not let the user turn it off in certain devices, allows for secure boot to be disabled everywhere! You can see the irony. Also the irony in that MS themselves provided us several nice 'golden keys' (as the FBI would say) for us to use for that purpose." "About the FBI: are you reading this? If you are, then this is a perfect real world example about why your idea of backdooring cryptosystems with a 'secure golden key' is very bad!," the duo added. What is Secure Boot? Microsoft's Secure Boot is part of its Unified Extensible Firmware Interface (UEFI) firmware, which when fully enabled deters users from booting their devices with other OS. Additionally, in specific devices, Secure Boot users cannot disable Secure Boot. Secure Boot works in tandem with certain policies, among which one particular boot policy is designed to load early and disable OS security checks. Although this policy is useful for developers, especially when conducting OS testing, the loophole allows users to allegedly boot devices with whichever OS they desire. According to a report by the Register, the "golden key" debacle was born out of a design flaw in this debug-mode policy, which was accidentally shipped onto retail devices. Unfortunately for Microsoft, the leaked golden key policy is universal and works on any device that operates on the Windowsboot manager. Microsoft's response The researchers claim that they informed Microsoft in March that they had uncovered the debug-mode policy. Although Redmond allegedly initially refused to follow up the issue, Microsoft later awarded a bug bounty and pushed out a security patch MS16-094. A second patch MS16-100 followed the first in August, after it was deemed "inadequate". However, a third patch is also expected soon, given that the second patch did not completely resolve the issue. "Either way, it'd be impossible in practise for MS to revoke every bootmgr earlier than a certain point, as they'd break install media, recovery partitions, backups, etc," the the researchers commented. Source: http://www.ibtimes.co.uk/microsoft-a...device-1575542 Click here to view the whole thread at www.sammyboy.com. |
Advert Space Available |
Bookmarks |
Thread Tools | |
|
|
t Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Serious WARNING: You're like totally fcuk if you use MS Windows | Sammyboy RSS Feed | Coffee Shop Talk of a non sexual Nature | 0 | 12-08-2016 09:50 AM |
Serious WARNING: You're like totally fcuk if you use MS Windows | Sammyboy RSS Feed | Coffee Shop Talk of a non sexual Nature | 0 | 12-08-2016 09:20 AM |
Ser Fcuk did fcuk-all to defuse situation - just a disgusting opportunist | Sammyboy RSS Feed | Coffee Shop Talk of a non sexual Nature | 0 | 30-09-2014 01:40 AM |
Ser Fcuk did fcuk-all to defuse situation - just a disgusting opportunist | Sammyboy RSS Feed | Coffee Shop Talk of a non sexual Nature | 0 | 30-09-2014 12:40 AM |
Ser Fcuk did fcuk-all to defuse situation - just a disgusting opportunist | Sammyboy RSS Feed | Coffee Shop Talk of a non sexual Nature | 0 | 30-09-2014 12:20 AM |