DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!
   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
DarkVision Hardware - Daily tech news
May 29, 2020 
Main Menu
News archives

Who's Online
There are currently 98 people online.


Latest Reviews
Ewin Racing Flash gaming chair
Arctic BioniX F120 and F140 fans
Jaybird Freedom 2 wireless sport headphones
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset

Follow us

Oops: Microsoft accidentally leaked a Secure Boot backdoor

Posted on Friday, August 12 2016 @ 00:50:59 CEST by

MS logo
It appears Microsoft has defeated the safety of Secure Boot as the company inadvertently leaked a so-called "golden key", a mechanism that enables users to by-pass this boot safety system. This by-pass enables the merging of a policy that loads an unsigned operating system into an otherwise valid policy, and was likely used so Microsoft developers could easily load unsigned code.

On the bright side, this makes the installation of Linux or other operating systems easier on a variety of devices, but the bad news is that this threatens to make Secure Boot useless against advanced bootkits and rootkits.
You can see how this is very bad!! A backdoor, which MS put in to secure boot because they decided to not let the user turn it off in certain devices, allows for secure boot to be disabled everywhere!

You can see the irony. Also the irony in that MS themselves provided us several nice "golden keys" (as the FBI would say ;-) for us to use for that purpose

About the FBI: are you reading this? If you are, then this is a perfect real world example about why your idea of backdooring cryptosystems with a "secure golden key" is very bad! Smarter people than me have been telling this to you for so long, it seems you have your fingers in your ears. You seriously don't understand still? Microsoft implemented a "secure golden key" system. And the golden keys got released from MS own stupidity. Now, what happens if you tell everyone to make a "secure golden key" system? Hopefully you can add 2+2...
The golden keys were discovered in March 2016 by my123 and slipstream. They created a cheesy website that explains what this is about, you can visit it over here. It seems Microsoft put this in Windows 10 Anniversary Update for debugging purposes but accidentally forgot to remove it from the production versions.

Microsoft attempted to patch it but the researchers claim the patch doesn't do anything useful. In fact, they doubt whether Microsoft will be able to rectify this big snafu as that would break install media, recovery partitions, backups, etc.



DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2019 DM Media Group bvba