Bungling Microsoft singlehandedly proves that ‘backdoors’ are a stupid idea

“Microsoft leaked the golden keys that unlock Windows-powered tablets, phones and other devices sealed by Secure Boot – and is now scrambling to undo the blunder,” Chris Williams reports for The Register.

“These skeleton keys can be used to install non-Redmond operating systems on locked-down computers. In other words, on devices that do not allow you to disable Secure Boot even if you have administrator rights – such as ARM-based Windows RT tablets – it is now possible to sidestep this block and run, say, GNU/Linux or Android,” Williams reports. “What’s more, it is believed it will be impossible for Microsoft to fully revoke the leaked keys.”

Williams reports, “And perhaps most importantly: it is a reminder that demands by politicians and crimefighters for special keys, which can be used by investigators to unlock devices in criminal cases, will inevitably jeopardize the security of everyone… It’s akin to giving special secret keys to the police and the Feds that grant investigators full access to people’s devices and computer systems. Such backdoor keys can and most probably will fall into the wrong hands: rather than be used exclusively for fighting crime, they will be found and exploited by criminals to compromise communications and swipe sensitive personal information.”

Read more in the full article here.

MacDailyNews Take: When liars like U.S. FBI Director James Comey claim the need for “backdoors” that will only be for “the good guys,” point them directly to this news.

U.S. FBI Director James Comey

As we wrote back in March: “Again, encryption is either on or off. This is a binary issue. There is no in-between. You either have encryption or you do not.”

There have been people that suggest that we should have a back door. But the reality is if you put a back door in, that back door’s for everybody, for good guys and bad guys. — Apple CEO Tim Cook, December 2015

This is not about this phone. This is about the future. And so I do see it as a precedent that should not be done in this country or in any country. This is about civil liberties and is about people’s abilities to protect themselves. If we take encryption away… the only people that would be affected are the good people, not the bad people. Apple doesn’t own encryption. Encryption is readily available in every country in the world, as a matter of fact, the U.S. government sponsors and funds encryption in many cases. And so, if we limit it in some way, the people that we’ll hurt are the good people, not the bad people; they will find it anyway. — Apple CEO Tim Cook, February 2016

Oppose government overreach.

Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety. – Benjamin Franklin, Historical Review of Pennsylvania, 1759

SEE ALSO:
U.S. Congressman Ted Lieu says strong encryption without backdoors is a ‘national security priority’ – April 29, 2016
iPhone backdoors would pose a threat, French privacy chief warns – April 8, 2016
The U.S. government’s fight with Apple could backfire big time – March 14, 2016
Obama pushes for iPhone back door; Congressman Issa blasts Obama’s ‘fundamental lack of understanding’ – March 12, 2016
U.S. Attorney General Loretta Lynch backs U.S. government overreach on The Late Show with Stephen Colbert – March 11, 2016
Former CIA Director: FBI wants to dictate iPhone’s operating system – March 11, 2016
FBI warns it could demand Apple’s iPhone code and secret electronic signature – March 10, 2016
California Democrat Diane Feinstein backs U.S. government overreach over Apple – March 10, 2016
Snowden: U.S. government’s claim it can’t unlock San Bernardino iPhone is ‘bullshit’ – March 10, 2016
Apple could easily lock rights-trampling governments out of future iPhones – February 20, 2016
Apple CEO Tim Cook lashes out at Obama administration over encryption, bemoans White House lack of leadership – January 13, 2016
Obama administration demands master encryption keys from firms in order to conduct electronic surveillance against Internet users – July 24, 2013

23 Comments

  1. Wishing, wanting so bad that it hurts, for a “secure back door” doesn’t make it possible. Hopefully someday, someone will be able to explain to Mr. Comey or his successor why that’s not possible so we can end this debate once and for all. If there really is a market for a device which is open to law enforcement, let someone manufacture it and try and sell it, honestly noting that the device can be compromised by anyone with a key, and let’s see how many they sell.

      1. What makes you think they didn’t intend to do it? It is possible they scuttled the structure because it was already compromised by third party players. By sinking the ship they prevent future revelations before it comes out who was involved and what was actually negotiated.

        Well back to legacy boot for all of us.

        Well actually I will stick with UEFI and GPT. Just won’t count on SecureBoot to be worth anything.

        We did function 15 years with Intel’s failed 2nd layer code execution failure. We have been living in a fantasy world of safe -err- ignorant computing.

  2. The backdoors are only to interfere in the privacy of everyone. Mr Comey or rather say Mr Comic, should have prosecuted Hillary Clinton and had been more meaningful to the country than asking for backdoors.

  3. *snap* MDN!

    So yeah, Microsoft ad nauseam. Let’s make this era of IN-security last forever! We’ll call it FUD Nation! Be scared, all the time, on edge, whimpering sheeple in a meadow of chaos. The first PreziDent will be James Comey. Jimmy Boy Is Watching You! 😛

    1. Techy excerpt from the source report at:
      https://rol.im/securegoldenkeyboot/
      (My emphasis added).

      Now, for Microsoft’s screwups.

      During the development of Windows 10 v1607 ‘Redstone’, MS added a new type of secure boot policy. Namely, “supplemental” policies that are located in the EFIESP partition (rather than in a UEFI variable), and have their settings merged in, dependent on conditions (namely, that a certain “activation” policy is also in existence, and has been loaded in).

      Redstone’s bootmgr.efi loads “legacy” policies (namely, a policy from UEFI variables) first. At a certain time in redstone dev, it did not do any further checks beyond signature / deviceID checks. (This has now changed, but see how the change is stupid)

      After loading the “legacy” policy, or a base policy from EFIESP partition, it then loads, checks and merges in the supplemental policies.

      See the issue here? If not, let me spell it out to you plain and clear. The “supplemental” policy contains new elements, for the merging conditions. These conditions are (well, at one time) unchecked by bootmgr when loading a legacy policy. And bootmgr of win10 v1511 and earlier certainly doesn’t know about them. To those bootmgrs, it has just loaded in a perfectly valid, signed policy.

      The “supplemental” policy does NOT contain a DeviceID. And, because they were meant to be merged into a base policy, they don’t contain any BCD rules either, which means that if they are loaded, you can enable testsigning. Not just for windows (to load unsigned driver, ie rootkit), but for the {bootmgr} element as well, which allows bootmgr to run what is effectively an unsigned .efi (ie bootkit)!!! (In practise, the .efi file must be signed, but it can be self-signed) You can see how this is very bad!! A backdoor, which MS put in to secure boot because they decided to not let the user turn it off in certain devices, allows for secure boot to be disabled everywhere!

      You can see the irony. Also the irony in that MS themselves provided us several nice “golden keys” (as the FBI would say 😉) for us to use for that purpose 🙂

      About the FBI: are you reading this? If you are, then this is a perfect real world example about why your idea of backdooring cryptosystems with a “secure golden key” is very bad! Smarter people than me have been telling this to you for so long, it seems you have your fingers in your ears. You seriously don’t understand still? Microsoft implemented a “secure golden key” system. And the golden keys got released from MS own stupidity. Now, what happens if you tell everyone to make a “secure golden key” system? Hopefully you can add 2+2…

      The source report page is well worth the visit, if only for its sarcastic retro design.
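A simplified model of the policy-loading flaw described in the excerpt above, added here as an illustration; it is not code from the source report or from Microsoft. The `Policy` fields, the `deny-testsigning` rule name, the fallback behaviour and the strict check are all assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Policy:
    signed: bool                        # stands in for a valid vendor signature
    kind: str = "base"                  # "base" or "supplemental" (hypothetical field)
    device_id: Optional[str] = None     # None = not bound to one device
    bcd_rules: frozenset = frozenset()  # restrictions the policy enforces

def basic_checks(p: Policy, device_id: str) -> bool:
    """Signature / DeviceID checks: the only ones the excerpt says were done."""
    return p.signed and p.device_id in (None, device_id)

def lenient_accepts_as_base(p: Policy, device_id: str) -> bool:
    """Loader that does not know (or does not check) the supplemental type."""
    return basic_checks(p, device_id)

def strict_accepts_as_base(p: Policy, device_id: str) -> bool:
    """Same checks, plus: a supplemental policy is never valid on its own."""
    return basic_checks(p, device_id) and p.kind == "base"

def merge(base: Policy, supp: Policy, activation_loaded: bool) -> Policy:
    """Intended path: supplemental settings join a base policy, whose rules stay."""
    if supp.kind != "supplemental" or not supp.signed or not activation_loaded:
        return base
    return Policy(True, "base", base.device_id, base.bcd_rules | supp.bcd_rules)

def effective_policy(accepts, candidate: Policy, fallback: Policy, device_id: str) -> Policy:
    # Assumption: a rejected candidate leaves the built-in fallback in force.
    return candidate if accepts(candidate, device_id) else fallback

def blocks_testsigning(p: Policy) -> bool:
    return "deny-testsigning" in p.bcd_rules

# Constructed sample data, not real policy contents.
RETAIL = Policy(signed=True, bcd_rules=frozenset({"deny-testsigning"}))
SUPPLEMENTAL = Policy(signed=True, kind="supplemental")
DEVICE = "device-A"

if __name__ == "__main__":
    for name, accepts in (("lenient", lenient_accepts_as_base),
                          ("strict", strict_accepts_as_base)):
        p = effective_policy(accepts, SUPPLEMENTAL, RETAIL, DEVICE)
        print(f"{name}: testsigning blocked = {blocks_testsigning(p)}")
```

The lenient loader ends up enforcing a policy with no BCD rules at all, which is the condition the excerpt describes; the type check is what keeps the retail restrictions in force.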

    2. I am pissed over this.

      Microsoft just made a secure method of booting, leveraging Intel technology, effectively useless. Who cares about the good guys. Now we have to contend with digitally signed root kits.

      This really sucks.

    3. “Meadow of chaos” sounds much scarier than “grassy knoll.” Nice writing. You’ve inspired me to get out my own poison pen again. You’re right, Derek — if everything is going to hell, why not try to have some fun with it?

      1. The tool of humor cuts through all horrors, if wielded with pleasure and skill. Laughter is the best medicine. Darkness hides from the light of humor. I bet Archangel Michael is the best comedian in heaven. 😉

        I keep bashing at my fiction writing. You’re welcome to join pens with me any time. I’m counting on it! 😀 Now back to work…

        1. Everybody likes cute animals. And everybody likes smackdowns. So I’m developing a story that pits Schroedinger’s Cat against the Cheshire Cat. Yes, it’s a comedy with deadly elements. Aristotle insisted that the kernel of humour was tragedy, provided that the tragedy happened to someone else. I got the idea from Who Killed Roger Rabbit, in which Donald Duck and Daffy Duck play Duelling Banjos. Uh, Pianos.

        2. Schroedinger’s Cat against the Cheshire Cat

          *excitement*anticipation*mystery*

          The Cheshire Cat has always been a favorite of mine. My Dad brought home a 10 (or so) LP reading and production of ‘Alice in Wonderland’ when I was four. It included an illustrated copy of the book. Music by Alec Wilder. Read by Cyril Ritchard. (Captain Hook!) I was allowed to play records on the player at that age. I wore out the set and marked up the book. I still have it around here somewhere. If I recall, the Cheshire Cat ‘belonged’ to the Duchess. There was a face! Great illustration.
          😉

  4. The encryption issue is not binary. You may say you either have it or you don’t, but there are many levels of encryption from very weak and nearly useless to very strong and almost impossible to crack.

    1. It is technically true that the issue is not binary, since there is–in theory–no such thing as an absolutely perfect encryption system.

      However, there is a bright line: on one side are encryption schemes that can readily be circumvented by both the government and criminals; on the other side are schemes that are so expensive to crack (in terms of time and computational resources) that doing so is not a reasonable use of those resources.

      That *is* a binary situation: a particular scheme is either on one side of the line or on the other. There is no known middle ground for compromise where data can always be accessed with a lawful warrant but never otherwise. Wishing it were otherwise does not make it so.

      As a former prosecutor, I can see where the FBI is coming from. Strong encryption does not pose just a pretended danger. It really will allow some incredibly bad guys the freedom to victimize others without any realistic chance of getting caught. Preventing crimes and punishing criminals is what police and prosecutors live for, so strong encryption is a direct attack on their work… and on many of the people they protect.

      Unfortunately, forbidding strong encryption poses even greater risks to society from criminals, terrorists, foreign state actors, and even overreaching American state actors. In the absence of a compromise that is technically possible, we must choose between one set of dangers and the other.

      We need to convince people like Comey and his supporters (who include a lot of Republicans and Trump supporters who should know better) that what they are asking for is simply unattainable with any existing or foreseeable technology, and that the dangers of weak encryption are the more serious risks.

      1. So it’s the Republicans? Are you truly that ignorant? Do you not understand by now that it was Obama directly setting the policy to Comey and ordering him to challenge Apple regarding the encrypted iPhone in the San Bernardino/Islamic nutjobs case?

        Obama administration: We’re only demanding Apple hack just one iPhone

        Let me copy & paste what I posted on MDN this past March:

        It is Obama and his administration who are demanding this of Apple. Of course liberals simply can’t understand how their “perfect” leader could actually bring about this situation, so they remain in denial and continue to blame the Republicans in order to attempt to deflect criticism of the current administration.

        Here’s the truth that gets almost everybody angry: Obama, Trump, and most of the established elected Senators and Representatives OF BOTH PARTIES HAVE EXACTLY THE SAME POSITION ON THIS ISSUE. That is, they knowingly lie by stating that the FBI wants to unlock “only one phone” while full well knowing that they (the FBI via the Obama administration; it would be the same if, say, George Bush or Bill Clinton were still in office) are asking for a master key (“govtOS” as Apple called it) to unlock ALL iPhones.

        Please stop trying to make this a political issue. We should all be alarmed that the majority of our so-called leaders of both major parties are willing to ignore the majority opinion of Americans on this issue.

        The issue of personal privacy should be of paramount importance to all of us, regardless of how we vote. Put your partisan politics aside and look at the facts, as painful as this will be to you.

        Care to verify? Read on:

        Obama criticized for ‘tone deaf’ comments at SXSW regarding Apple’s fight against government overreach

        http://investigations.nbcnews.com/_news/2013/06/11/18887491-fbi-sharply-increases-use-of-patriot-act-provision-to-collect-us-citizens-records

        http://mobile.nytimes.com/2016/02/26/us/politics/obama-administration-set-to-expand-sharing-of-data-that-nsa-intercepts.html?_r=0&referer=http://macdailynews.com/2016/02/28/obama-administration-set-to-expand-sharing-of-data-that-n-s-a-intercepts/

        http://www.bloomberg.com/news/articles/2016-02-19/secret-memo-details-u-s-s-broader-strategy-to-crack-phones

        1. If you actually read what I wrote, I was simply pointing out that the people on the wrong side of this issue do not include only Obama-administration officials and what Botty calls Libtards, i.e. folks you would expect to mindlessly support Big Government. I don’t need your citations to know how they stand on this issue.

          However, the people who were piling on Apple over the San Bernardino phone ALSO included a lot of folks (Republicans otherwise like me) who should be a lot more suspicious of the risk of jackbooted thuggism. Donald J. Trump was personally conspicuous among them. All those people should, as I said above, know better than to give the government a master key into our personal data.

          With all respect, you are the one trying to make a partisan issue out of this. The villain here is technological ignorance affecting both parties. The remedy is to educate both sides.

        2. You realise of course that information has value to the partisan only if it advances his cause, and that he prefers the sensational variety and will pay more for it, as it advances that cause all the more among the impressionable. In the absence of supporting facts, a falsehood will do nicely in this regard. If it is later exposed it can be disavowed in any number of ways. Above all else, the partisan must avoid the truth, which when ingested naturally has a corrosive effect that diminishes his passion and may even result in desertion from his station. — John Henry Stanton
