Overclock.net › Forums › Industry News › Software News › [ZDNet] Microsoft Secure Boot key debacle causes security panic
New Posts  All Forums:Forum Nav:

[ZDNet] Microsoft Secure Boot key debacle causes security panic

post #1 of 34
Thread Starter 
Quote:
Microsoft has accidentally leaked the keys to the kingdom, permitting attackers to unlock devices protected by Secure Boot -- and it may not be possible to fully resolve the leak.
Quote:
The "golden key" debug and unlocking policy problem has emerged due to design flaws in the policy loading system.

The policy has been leaked online and can be used by users with admin rights to bypass Secure Boot on locked devices, as long as devices have not received the July patch update.

"You can see the irony. Also the irony in that MS themselves provided us several nice "golden keys" (as the FBI would say ; ) for us to use for that purpose," the researchers write.

"About the FBI: are you reading this? If you are, then this is a perfect real world example about why your idea of backdooring cryptosystems with a "secure golden key" is very bad!," the team added. "Microsoft implemented a "secure golden key" system. And the golden keys got released from MS own stupidity."
Quote:
"Either way, it'd be impossible in practise for MS to revoke every bootmgr earlier than a certain point, as they'd break install media, recovery partitions, backups, etc," the duo commented.

Source.
 
Metro 2033 review
Metro 2033
CPUMotherboardGraphicsRAM
Core i7-3820 Asus Sabertooth X79 MSI GTX 1060 6 GB Gaming X 16 GB Corsair DDR3 1866 Mhz Dominator 
Hard DriveOptical DriveCoolingOS
Samsung SSD 830 128GB + WD Caviar Black 2TB Sony Optiarc DVD-RW Corsair A70 + Noiseblocker M12-P Windows 7 Home Premium 64-bit 
MonitorKeyboardPowerCase
BenQ RL2455HM Cooler Master Octane Corsair AX750 Professional Modular 80 Plus Gold Cooler Master HAF 912 Plus 
Mouse
Cooler Master Octane 
  hide details  
Reply
 
Metro 2033 review
Metro 2033
CPUMotherboardGraphicsRAM
Core i7-3820 Asus Sabertooth X79 MSI GTX 1060 6 GB Gaming X 16 GB Corsair DDR3 1866 Mhz Dominator 
Hard DriveOptical DriveCoolingOS
Samsung SSD 830 128GB + WD Caviar Black 2TB Sony Optiarc DVD-RW Corsair A70 + Noiseblocker M12-P Windows 7 Home Premium 64-bit 
MonitorKeyboardPowerCase
BenQ RL2455HM Cooler Master Octane Corsair AX750 Professional Modular 80 Plus Gold Cooler Master HAF 912 Plus 
Mouse
Cooler Master Octane 
  hide details  
Reply
post #2 of 34
welp now I know for sure to do all my downloading on my backup hdd (main ssd, backup hdd and an extra unconnected hdd) for window 7 computer
My build
(12 items)
 
  
CPUMotherboardGraphicsRAM
8350 MSI 970 Gaming  R9 290x 4GB Evga SSC 1866 
Hard DriveOptical DriveCoolingOS
samsung 850 evo lg thermaltek nic c4 microsoft 
MonitorPowerCaseMouse
asus vq evga g2 cooler master k380 logitech 402 
  hide details  
Reply
My build
(12 items)
 
  
CPUMotherboardGraphicsRAM
8350 MSI 970 Gaming  R9 290x 4GB Evga SSC 1866 
Hard DriveOptical DriveCoolingOS
samsung 850 evo lg thermaltek nic c4 microsoft 
MonitorPowerCaseMouse
asus vq evga g2 cooler master k380 logitech 402 
  hide details  
Reply
post #3 of 34
This is precisely why I would never seriously rely on any closed source cryptography system, or any system where there was any reason to suspect any sort of intentional security workaround for anyone.
Primary
(15 items)
 
Secondary
(13 items)
 
In progress
(10 items)
 
CPUMotherboardGraphicsRAM
5820K @ 4.2/3.5GHz core/uncore, 1.175/1.15v Gigabyte X99 SOC Champion (F22n) Gigabyte AORUS GTX 1080 Ti (F3P) @ 2025/1485, 1... 4x4GiB Crucial @ 2667, 12-12-12-28-T1, 1.34v 
Hard DriveHard DriveHard DriveCooling
Plextor M6e 128GB (fw 1.06) M.2 (PCI-E 2.0 2x) 2x Crucial M4 256GB 4x WD Scorpio Black 500GB Noctua NH-D15 
OSMonitorKeyboardPower
Windows 7 Professional x64 SP1 BenQ BL3200PT Filco Majestouch Tenkeyless (MX Brown) Corsair RM1000x 
CaseMouseAudio
Fractal Design Define R4 Logitech G402 Realtek ALC1150 + M-Audio AV40 
CPUMotherboardGraphicsRAM
X5670 @ 4.4/3.2GHz core/uncore, 1.36 vcore, 1.2... Gigabyte X58A-UD5 r2.0 w/FF3mod10 BIOS Sapphire Fury Nitro OC+ @ 1053/500, 1.225vGPU/1... 2x Samsung MV-3V4G3D/US @ 2000, 10-11-11-30-T1,... 
RAMHard DriveHard DriveHard Drive
1x Crucial BLT4G3D1608ET3LX0 @ 2000, 10-11-11-3... OCZ (Toshiba) Trion 150 120GB Hyundai Sapphire 120GB 3x Hitachi Deskstar 7k1000.C 1TB 
CoolingOSPowerCase
Noctua NH-D14 Windows 7 Pro x64 SP1 Antec TP-750 Fractal Design R5 
Audio
ASUS Xonar DS 
CPUMotherboardGraphicsRAM
i7-6800K @ 4.3/3.5GHz core/uncore, 1.36/1.2v ASRock X99 OC Formula (P3.10) GTX 780 (temporary) 4x4GiB Crucial DDR4-2400 @ 11-13-12-28-T2, 1.33v 
Hard DriveHard DriveCoolingOS
Intel 600p 256GB NVMe 2x HGST Travelstar 7k1000 1TB Corsair H55 (temporary) Windows Server 2016 Datacenter 
PowerCase
Seasonic SS-860XP2 Corsair Carbide Air 540 
  hide details  
Reply
Primary
(15 items)
 
Secondary
(13 items)
 
In progress
(10 items)
 
CPUMotherboardGraphicsRAM
5820K @ 4.2/3.5GHz core/uncore, 1.175/1.15v Gigabyte X99 SOC Champion (F22n) Gigabyte AORUS GTX 1080 Ti (F3P) @ 2025/1485, 1... 4x4GiB Crucial @ 2667, 12-12-12-28-T1, 1.34v 
Hard DriveHard DriveHard DriveCooling
Plextor M6e 128GB (fw 1.06) M.2 (PCI-E 2.0 2x) 2x Crucial M4 256GB 4x WD Scorpio Black 500GB Noctua NH-D15 
OSMonitorKeyboardPower
Windows 7 Professional x64 SP1 BenQ BL3200PT Filco Majestouch Tenkeyless (MX Brown) Corsair RM1000x 
CaseMouseAudio
Fractal Design Define R4 Logitech G402 Realtek ALC1150 + M-Audio AV40 
CPUMotherboardGraphicsRAM
X5670 @ 4.4/3.2GHz core/uncore, 1.36 vcore, 1.2... Gigabyte X58A-UD5 r2.0 w/FF3mod10 BIOS Sapphire Fury Nitro OC+ @ 1053/500, 1.225vGPU/1... 2x Samsung MV-3V4G3D/US @ 2000, 10-11-11-30-T1,... 
RAMHard DriveHard DriveHard Drive
1x Crucial BLT4G3D1608ET3LX0 @ 2000, 10-11-11-3... OCZ (Toshiba) Trion 150 120GB Hyundai Sapphire 120GB 3x Hitachi Deskstar 7k1000.C 1TB 
CoolingOSPowerCase
Noctua NH-D14 Windows 7 Pro x64 SP1 Antec TP-750 Fractal Design R5 
Audio
ASUS Xonar DS 
CPUMotherboardGraphicsRAM
i7-6800K @ 4.3/3.5GHz core/uncore, 1.36/1.2v ASRock X99 OC Formula (P3.10) GTX 780 (temporary) 4x4GiB Crucial DDR4-2400 @ 11-13-12-28-T2, 1.33v 
Hard DriveHard DriveCoolingOS
Intel 600p 256GB NVMe 2x HGST Travelstar 7k1000 1TB Corsair H55 (temporary) Windows Server 2016 Datacenter 
PowerCase
Seasonic SS-860XP2 Corsair Carbide Air 540 
  hide details  
Reply
post #4 of 34
Quote:
Originally Posted by tpi2007 View Post



Source.

This is actually a good thing it was leaked. The more exposure of how MS is in bed with the FBI, the better.
post #5 of 34
Quote:
Originally Posted by aweir View Post

Quote:
Originally Posted by tpi2007 View Post



Source.

This is actually a good thing it was leaked. The more exposure of how MS is in bed with the FBI, the better.

I think this is a good thing to show how dangerous/stupid backdoors are. The next time a politician or the judicial system says "well only law enforcement would have access!". Nope. Slip ups by companies or companies getting hacked means everyone is at risk.
Edited by serothis - 8/10/16 at 9:37am
Langour
(13 items)
 
  
CPUMotherboardGraphicsRAM
i5 2500k @ 4.7ghz MSI p67a-gd80 MSI N580GTX Lightning @ 960mhz Mushkin Ridgeback 8gb (2 x 4gb) 
Hard DrivePowerCase
WD blue caviar 1T; Mushkin Castillo SSD 60gb Corsair 850HX Corsair 600T Special Edition 
  hide details  
Reply
Langour
(13 items)
 
  
CPUMotherboardGraphicsRAM
i5 2500k @ 4.7ghz MSI p67a-gd80 MSI N580GTX Lightning @ 960mhz Mushkin Ridgeback 8gb (2 x 4gb) 
Hard DrivePowerCase
WD blue caviar 1T; Mushkin Castillo SSD 60gb Corsair 850HX Corsair 600T Special Edition 
  hide details  
Reply
post #6 of 34

Just wow.

 

Quote:
As a result, a third update is expected to address this issue in September. 

 

:doh:

post #7 of 34
Quote:
Originally Posted by aweir View Post
 
Quote:
Originally Posted by tpi2007 View Post



Source.

This is actually a good thing it was leaked. The more exposure of how MS is in bed with the FBI, the better.

M$py have been an integral part of the Echelon, Prism and worse programs for over a decade.

 

Sadly Linux isn't safe from back doors either as they're all enforced by the US and other loldemocratic governments.

The girlfriend.
(15 items)
 
The Mistress
(13 items)
 
Media Server
(11 items)
 
CPUMotherboardGraphicsRAM
A8-6410 Lenovo Lancer 4B2 K16.3 R5 128 Shaders/M230 Hynix 8GB DDR3 1600 
Hard DriveHard DriveOSMonitor
Samsung 840 120 GB SSD Seagate Momentus 1TB 5400rmp Win 8.1 CMN1487 TN LED 14" 1366*768 
KeyboardPowerMouseMouse Pad
Lenovo AccuType 2900mAh/41Wh Elan Trackpad/Logitech M90 Super Flower 
Audio
AMD Avalon(Connexant) 
  hide details  
Reply
The girlfriend.
(15 items)
 
The Mistress
(13 items)
 
Media Server
(11 items)
 
CPUMotherboardGraphicsRAM
A8-6410 Lenovo Lancer 4B2 K16.3 R5 128 Shaders/M230 Hynix 8GB DDR3 1600 
Hard DriveHard DriveOSMonitor
Samsung 840 120 GB SSD Seagate Momentus 1TB 5400rmp Win 8.1 CMN1487 TN LED 14" 1366*768 
KeyboardPowerMouseMouse Pad
Lenovo AccuType 2900mAh/41Wh Elan Trackpad/Logitech M90 Super Flower 
Audio
AMD Avalon(Connexant) 
  hide details  
Reply
post #8 of 34
Quote:
Originally Posted by aweir View Post

This is actually a good thing it was leaked. The more exposure of how MS is in bed with the FBI, the better.

There's an interesting quote about this: "Never create--nor prevent--a crisis."
The 2013 Build
(14 items)
 
  
CPUMotherboardGraphicsRAM
--- SOLD --- --- SOLD ---  --- SOLD --- --- SOLD --- 
Hard DriveOptical DriveCoolingOS
Samsung 850 EVO 500GB ASUS DRW-24B3ST (24X DVD burner) Noctua NH-U14S w/ NH-T1 TIM Windows 10 Pro (x64) 
MonitorKeyboardPowerCase
ASUS VG248QE w/ Lightboost @ 120Hz Ducky Shine III (MX Brown w/ Red backlights) Kingwin LZP-1000 (1000W) PSU Corsair Carbide Air 540 
Mouse Pad
Razer Goliathus (Precision Control model) - Sta... 
  hide details  
Reply
The 2013 Build
(14 items)
 
  
CPUMotherboardGraphicsRAM
--- SOLD --- --- SOLD ---  --- SOLD --- --- SOLD --- 
Hard DriveOptical DriveCoolingOS
Samsung 850 EVO 500GB ASUS DRW-24B3ST (24X DVD burner) Noctua NH-U14S w/ NH-T1 TIM Windows 10 Pro (x64) 
MonitorKeyboardPowerCase
ASUS VG248QE w/ Lightboost @ 120Hz Ducky Shine III (MX Brown w/ Red backlights) Kingwin LZP-1000 (1000W) PSU Corsair Carbide Air 540 
Mouse Pad
Razer Goliathus (Precision Control model) - Sta... 
  hide details  
Reply
post #9 of 34
does this affect only windows mobile phones or also windows 7, 8/8.1, 10 pc?
post #10 of 34
Quote:
Originally Posted by revro View Post

does this affect only windows mobile phones or also windows 7, 8/8.1, 10 pc?
This potentially affects all motherboards that have the "Secure Boot" feature.
PC
(19 items)
 
  
CPUMotherboardGraphicsRAM
Ryzen 7 1700 Crosshair VI Hero GTX970 @1492MHz F4-3200C14-8GFX 
Hard DriveHard DriveHard DriveOptical Drive
Crucial MX200 Samsung 850 Evo a few HDD's LG BluRay BH16NS40 
CoolingOSOSMonitor
Noctua NH-D15 Windows 10 Pro Arch Linux LG W2442PA 
MonitorKeyboardPowerCase
Viewsonic XG2401 Cherry MX-Board 3.0 Corsair RM850i Fractal Define R5 
MouseMouse PadAudio
Logitech G403 Roccat Taito OnBoard + Focusrite Scarlett 18i8 
  hide details  
Reply
PC
(19 items)
 
  
CPUMotherboardGraphicsRAM
Ryzen 7 1700 Crosshair VI Hero GTX970 @1492MHz F4-3200C14-8GFX 
Hard DriveHard DriveHard DriveOptical Drive
Crucial MX200 Samsung 850 Evo a few HDD's LG BluRay BH16NS40 
CoolingOSOSMonitor
Noctua NH-D15 Windows 10 Pro Arch Linux LG W2442PA 
MonitorKeyboardPowerCase
Viewsonic XG2401 Cherry MX-Board 3.0 Corsair RM850i Fractal Define R5 
MouseMouse PadAudio
Logitech G403 Roccat Taito OnBoard + Focusrite Scarlett 18i8 
  hide details  
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Software News
Overclock.net › Forums › Industry News › Software News › [ZDNet] Microsoft Secure Boot key debacle causes security panic