Someone leaked Microsoft Keys

jim bell jdb10987 at yahoo.com
Thu Aug 11 16:19:28 PDT 2016 

http://www.ibtimes.co.uk/microsoft-accidentally-leaks-golden-keys-that-unlock-every-windows-device-1575542?utm_source=yahoo&utm_medium=referral&utm_campaign=rss&utm_content=/rss/yahoous/news&yptr=yahoo


[partial quote]
"Microsoft accidentally leaked the golden keys to the Windows kingdom. The keys allow hackers to unlock every Windows device, including tablets, phones and other devices that are protected by Secure Boot. The most alarming part about the leak is that it is believed that it may likely be impossible for Microsoft to fully recover from the leak."
"The leakwas uncovered by two security researchers MY123 and Slipstream, who revealed in a (Star Wars-style) blog that the security flaw allowed malicious entities with admin rights or physical access to a device can bypass Secure Boot to not only run other operating systems (OS) like Linux or Android on the device but also install and execute rootkits and bootkits, at the most deeply penetrated level of the device."
"The researchers wrote: "A backdoor, which MS put in to secure boot because they decided to not let the user turn it off in certain devices, allows for secure boot to be disabled everywhere! You can see the irony. Also the irony in that MS themselves provided us several nice 'golden keys' (as the FBI would say) for us to use for that purpose."The leak serves as a reminder of the potential dangers in security when tech firms are pressured by governments and law enforcement agencies into producing special keys that can be used by investigators to unlock devices, in the course of criminal investigations."
"About the FBI: are you reading this? If you are, then this is a perfect real world example about why your idea of backdooring cryptosystems with a 'secure golden key' is very bad!," the duo added."

[end of partial quote]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 2082 bytes
Desc: not available
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20160811/68d81c7f/attachment-0002.txt>

More information about the cypherpunks mailing list