Researchers Crack Microsoft Feature, Say Encryption Backdoors Similarly Crackable (thehill.com) 86
An anonymous reader writes: Researchers who uncovered a security key that protects Windows devices as they boot up say their discovery is proof that encryption backdoors do not work. The pair of researchers, credited by their hacker nicknames MY123 and Slipstream, found the cryptographic key protecting a feature called Secure Boot. They believe the discovery highlights a problem with requests law enforcement officials have made for technology companies to provide police with some form of access to otherwise virtually unbreakable encryption that might be used by criminals. "Microsoft implemented a 'secure golden key' system. And the golden keys got released from [Microsoft's] own stupidity," wrote the researchers in their report, in a section addressed by name to the FBI.
proof that encryption backdoors do not work (Score:5, Funny)
proof that [anything developed by Microsoft does] not work.
FTFY.
Re: (Score:1)
Maybe they shouldn't have emailed the key to Hillary?
... and the congress reacts (Score:2)
... by outlawing disclosure of the the key, and declares victory over "sinister forces seeking to undermine our freedom" (whatever the hell that means.)
moral of the story, don't leave a bunch of old greedy fucks with no comprehension of technology to regulate it.
Re: (Score:2)
I think if you beat a dead horse for several years straight it becomes funny in an ironic way.
As A. Whitney Brown said on SNL: "There's no reason to beat a dead horse... except for the pure joy of it..."
Dear God (Score:4, Informative)
That web site is annoying. 8 bit game music and the text jitters.
Re:Dear God (Score:4, Funny)
That's a long way to say "What's NoScript?"
Re: (Score:1)
I solved my problem using copy and paste.
Re: (Score:2)
Haha, I thought it annoying but hilarious, going way, way back to the demo days. Good show.
Re: (Score:3)
Re: (Score:2)
It is also mostly text. Copy & paste into text-editor and read without the hassle.
"Crack Microsoft Feature" (Score:2)
When will the folks in Redmond put down the pipes?
Re:"Crack Microsoft Feature" (Score:5, Interesting)
When will the folks in Redmond put down the pipes?
You laugh but it's a bit ironic. This wasn't a crack, it was a leak. MS actually gave everyone the fucking keys. This is great for me though, I spent 4 hours yesterday telling everyone at work that Microsoft is just as fucked on security today as they were 20 years ago. Then this happens and I'm totally vindicated.
Re: (Score:3)
I don't know many folks with the courage to take the position that Microsoft products might be insecure.
Way to go out on a limb and still manage to come up totally vindicated!
You were aiming for funny, but what you actually got was chilling, because in fact that is a courageous position in many boardrooms and meeting halls across the country. It is, as usual, due to cognitive dissonance. People who think they are big swinging dicks because of their corporate position believe that Microsoft must be the ultimate cocksman because of its lofty position atop the market. In order to accept that Microsoft might actually be incompetent in spite of their market dominance, they have to ac
Re: (Score:2)
They locked the door but left the windows open....
Re: (Score:2)
Unbelievably obnoxious fucking article (Score:2, Informative)
Rotating golden key, moving starfield and crappy text. Virtually unreadable article. WTF?
Re: (Score:3)
I sure do miss GeoCities and MySpace.
Re: (Score:2)
Rotating golden key, moving starfield and crappy text. Virtually unreadable article. WTF?
All I see is some monospace white on black with blue links, and I could change that to white on black if I had hacktheweb installed. Maybe you should work on this how to internet thing.
Microsoft; Secure? Bwahahaha! (Score:5, Insightful)
Their security has a been a joke for *decades*.
Re:Microsoft; Secure? Bwahahaha! (Score:5, Insightful)
Re: (Score:2)
I stand corrected. :-)
That "Microsoft Feature" is Secure Boot (Score:5, Informative)
Microsoft made a signed policy file which can be used with a Microsoft signed UEFI boot loader to turn off Secure Boot, and accidentally (?) published that policy with the Windows 10 anniversary update. Using this policy, Secure Boot can even be disabled on systems that won't allow the owner to disable it. And of course, this can be used to turn off Secure Boot remotely, so basically Microsoft eradicated any benefit that Secure Boot might have had. Now it's just annoying.
Re:That "Microsoft Feature" is Secure Boot (Score:5, Insightful)
An update has appeared that claims to fix this issue (KB3172729). Presumably they have revoked that key and replaced it with a new one.
This isn't really an issue with backdoors though, it's just an issue with public key crypto in general. You have to protect the private key, and not accidentally leak it. And to be fair to Microsoft, they aren't the only ones. Apple leaked the private key for their firmware updates, allowing you to create an undetectable rootkit that lived in, say, the battery firmware and which could not be removed by a full HDD wipe. And Github regularly scans for people accidentally posting their private keys when they commit code.
Re: (Score:2, Informative)
The obvious problem is that they can't revoke the key that enables the boot loader, because that would stop countless devices from booting installation media, recovery partitions and restored systems. They can revoke the key that enables the policy, but anybody with admin rights can replace the boot loader with an older version that doesn't have this key blacklisted, and use that to disable Secure Boot. The magnitude of this fuck-up can hardly be overestimated.
Re: (Score:2)
Indeed. The one thing you absolutely need to do right (besides key-generation) in a public-key system is to keep the secret key secret. If you cannot do that, then you have no business building anything with security implications. Yes, MS is utterly incompetent and has been known for ages to be.
Re: (Score:2)
Yes, technically you are right. But signing anything an attacker can ever wish for with the secret key and then handing it over is hardly any better.
Re: (Score:1)
>The magnitude of this fuck-up can hardly be overestimated.
OK, I'll try. How about that moment during the battle at the gates of Mordor when Frodo slipped on the ring there by the fires of Mt. Doom and Sauron suddenly realized that his stupidity was without fathom.
challenge accepted! (Score:5, Funny)
Show me an unhackable machine and I'll show you my bare arse.
Sounds like an easily exploitable security hole to me...
How to kill such organizations. (Score:2)
The keys are supposed to be on a locked down system and signing is supposed to happen in one controlled place.
And if you do it that way you have created a single point of failure for the company - or at least all its deployed products. Kill that system, they're hosed. Ditto if (when) it dies.
So either they don't do it this "recommended" way or there is some kind of backup - which then also isn't this "recommended" way and becomes a potential security leak.
Dammed if you do, damned if you don't.
Re: (Score:2)
"And if you do it that way you have created a single point of failure for the company"
No one said it can only be in one place. You could copy the key to several OFFLINE hard disks and put them in secure place(s) OFFLINE. You could print the key and secure that in one or more place. There are several options where it can be extremely secure yet not rely on a single system to not fail.
Re: (Score:2)
A secure machine? No problem. In my basement, behind concrete walls, no connection to the outside and my mother in law with her +5 rolling pin of swatting standing in front of it.
You owe me your ass.
Re: (Score:2)
Apple leaked the private key for their firmware updates
Citation, please?
Re:That "Microsoft Feature" is Secure Boot (Score:5, Informative)
http://arstechnica.com/apple/2... [arstechnica.com]
Just Google it next time.
Re: (Score:2)
http://arstechnica.com/apple/2... [arstechnica.com]
Just Google it next time.
I did; but tofu description was so hyperbolic that I didn't find the reference.
And according to the article, Apple didn't "leak" anything. They simply used a default password for their battery controller..Not smart; but it only affected the battery subsystem, and couldn't be used to access anything else in the laptop.
Then they fixed it.
Re: (Score:2)
Secure Boot is not a security feature, it is simply intended to make sure you don't install an "unapproved" OS on things like their Surface Pro. Any vendor can thus lock any otherwise relatively open hardware into "their" software under whatever guise (security, export restrictions, terrorism).
Re: (Score:2)
Indeed. The whole "security" thing is just a cover-up lie.
Re: (Score:3)
Congress will never outlaw stupidity. When heave they ever made a law that has negative effects that affects mostly themselves?
Re: (Score:2)
$10B is chump change to our government and the government can't be held liable in these endeavors.
Re: (Score:2)
We'd have no problem with that, if only gramps FBI would get offa our lawn.
Re: (Score:3)
That is because nothing happens to the FBI if they screw up. Hence they screw up more and more, because screwing up is easier and cheaper than not screwing up. Power without accountability will invariably do that to any organization.
Misleading ... Didn't "crack" anything (Score:1)
They read the specification, they reviewed the implementation, and they found a published key. I am unsure how people define "crack" but this seems more like "I reviewed stuff thoughtfully and published the findings".
Re: (Score:2)
"You hacked into my house!"
"No, I didn't. I read the sign posted on your door that said 'The spare key is under the third rock on the left along the path leading up to the door.' I lifted that rock, found the key, and opened your door."
"HACKER!!!!"
So WinRT ARM devices aren't useless now? (Score:1)
Can someone make a Linux build for these now and make them useful again?
Re: (Score:2)
again?!
Re: So WinRT ARM devices aren't useless now? (Score:1)
Re: (Score:3)
My exploit from last year (CVE-2015-2552) already allowed trivially jailbreaking Surface RT tablets to run unsigned Windows programs.
This new exploit, however, adds the ability to run unsigned (technically, self-signed) .efi files, before Windows boots. In order to run an alternative operating system, you need to be able to run .efi files, because it is not possible to chainload from an EFI OS.
So yes, theoretically, you could make an Android distro for Surface RT now.
Re: (Score:2)
"Government only" keys do not exist (Score:5, Informative)
Dear politicians: There will never be a backdoor key that only your law enforcement will have. Such things tend to be very, very valuable. Being able to decrypt any and all trade secrets is valuable. At a level where nation states start to be interested, not just some petty criminals, or even large criminal entities. Governments are interested. And they tend to have very, very deep pockets. Pockets deep enough that pretty much anyone becomes open for bribes. And if bribes don't work, well, there are other ways to be convincing.
Any key you have will also be held by Iran, Russia and probably even North Korea within reasonable time. That backdoor game is an odd one: The only winning move is not to play it.
Re: (Score:2)
A state and federal designed in PRISM like NSA and GCHQ decryption network set into every hardware company with access by any state task force with federal funding by default?
Microsoft handed the NSA access to encrypted messages (12 July 2013)
https://www.theguardian.com/wo... [theguardian.com]
"Material collected through Prism is routinely shared with the FBI and CIA, with one NSA document describing the p
Re: (Score:2)
Microsoft can always be relied on
Not always. It's totally random.
my fav part (Score:1)
Re: (Score:2)
Probably not. Copyright protects creative expression. There is no creativity involved in the creation of a cryptographic key, so copyright would almost certainly not apply.
Re: (Score:2)
Just curious is anyone knows whether MS can claim copyright in their master key?
Probably not. Copyright protects creative expression. There is no creativity involved in the creation of a cryptographic key, so copyright would almost certainly not apply.
"no creativity" -- you clearly haven't read some recent copyrighted books, or listened to some recent copyrighted music (and I use the term "music" rather loosely here)
Bring popcorn to the meeting at Microsoft! (Score:1)
Because if you have the golden key, you can revoke and replace the golden keys and the personal keys held in escrow by Microsoft, and avoid the extremely cooperative Microsoft approach to providing these to any schmuck with a rubber-stamped piece of paper saying "government on it".
I was at the MIT lecture hall where Brian Lamacchia presented about the "Palladium" software, since renamed "Trusted Computing" and the core of "Secure Boot". The audience was very unhappy with his pretense that all this security
This really deserves a song. (Score:1)
Music: "Brand New Key"
Oh, I blew a software giant to smithereens,
I got its Golden Key.
Wonder what other tasks a wandering mind
Might have for me.
Is this megalomania?
Am I out of my tree?
Cuz I blew a software giant to smithereens,
I got its Golden Key.