Windows 8 Secure Boot Defeated

samzenpus posted more than 2 years ago | from the what-took-so-long? dept.

Microsoft 205

jhigh writes "An Austrian security researcher is scheduled to release the first 'bootkit' for Windows 8 at the upcoming MalCon in Mumbai. This exploit loads in the MBR and stays memory resident until Windows loads, resulting in root access to the system. This allegedly defeats the new secure boot features in Windows 8's bootloader."

205 comments

Could open your system up to malware like Linux (5, Funny)

elrous0 (869638) | more than 2 years ago | (#38090204)

But if the Windows bootloader integrity is compromised, we could all end up infected with Ubuntu, Debian, FreeBSD--god only knows what!

Won't someone PLEASE think of the children?!?!?

Re:Could open your system up to malware like Linux (5, Funny)

Anonymous Coward | more than 2 years ago | (#38090284)

That's what Edubuntu's for.

Re:Could open your system up to malware like Linux (4, Informative)

liquidweaver (1988660) | more than 2 years ago | (#38090302)

Someone has thought of the kids!! http://maketecheasier.com/doudoulinux-a-fun-linux-distro-for-kids/2010/11/26 [maketecheasier.com]

Re:Could open your system up to malware like Linux (2, Insightful)

Talderas (1212466) | more than 2 years ago | (#38090428)

dou dou linux?

Naming a flavor of linux after shit?

Re:Could open your system up to malware like Linux (4, Informative)

c++0xFF (1758032) | more than 2 years ago | (#38090524)

Actually, it refers to a teddy bear [doudoulinux.org]. Kinda cute, with unfortunate implications to the American ear.

Re:Could open your system up to malware like Linux (2)

mangu (126918) | more than 2 years ago | (#38091476)

Some teddy bears [knowyourmeme.com] have even worse implications...

Re:Could open your system up to malware like Linux (1)

phorm (591458) | more than 2 years ago | (#38091510)

Besides, to kids, "doo doo" is probably fun/amusing.

Re:Could open your system up to malware like Linux (4, Informative)

Anonymous Coward | more than 2 years ago | (#38090762)

Doudou is the French for comforter; a child's favorite blanket, teddy bear or a scarf.

Like Wii (2)

tepples (727027) | more than 2 years ago | (#38091826)

And "oui" is the French word for yes, not just the English word for urine.

Re:Could open your system up to malware like Linux (-1)

Anonymous Coward | more than 2 years ago | (#38090790)

> dou dou linux?
>
> Naming a flavor of linux after shit?

Well, at least it's an accurate name for once. Linux is shit.

-Bill

Re:Could open your system up to malware like Linux (3, Funny)

Anonymous Coward | more than 2 years ago | (#38091394)

Say what you like about Microsoft, but one thing you can't deny is that Microsoft uses reputation management software to create multiple fake social media profiles.

Many of them are used to moderate and influence discussion in tech sites like Slashdot.

Re:Could open your system up to malware like Linux (0)

Anonymous Coward | more than 2 years ago | (#38090610)

Or just some nice rootkits...

Re:Could open your system up to malware like Linux (1)

goffster (1104287) | more than 2 years ago | (#38090694)

The kids are alright.

Re:Could open your system up to malware like Linux (0)

Anonymous Coward | more than 2 years ago | (#38090816)

"Won't someone PLEASE think of the children?!?!?"

I laughed out loud at work and everyone is wondering why.

Maybe (2)

zoomshorts (137587) | more than 2 years ago | (#38090914)

But my child is gay, what does that portend?

Secure boot is UEFI (5, Interesting)

Anonymous Coward | more than 2 years ago | (#38090248)

Secure Boot is a UEFI feature, not a Windows one. The article makes no reference to UEFI whatsoever - and it offers no explanation either for what mechanic was actually defeated. I do doubt the integrity of the article ARS is using.

Re:Secure boot is UEFI (5, Funny)

Anonymous Coward | more than 2 years ago | (#38090320)

>>I do doubt the integrity of the article ARS is using.

Are you suggesting that ARS was compromised?

Re:Secure boot is UEFI (5, Funny)

cvtan (752695) | more than 2 years ago | (#38090886)

No. They just got it ARS backwards.

Re:Secure boot is UEFI (4, Interesting)

makomk (752139) | more than 2 years ago | (#38090454)

Secure Boot is a Windows feature building on a UEFI feature. If I'm understanding it correctly, every stage in the chain needs to be secure in order for the boot to actually be secure - a security flaw in either the UEFI firmware or the Windows code could render it ineffective.

Re:Secure boot is UEFI (5, Funny)

Anomalyst (742352) | more than 2 years ago | (#38090740)

> a security flaw in either the UEFI firmware or the Windows code could render it ineffective.

Let's get real, what are the odds of a flaw in Windows code?

Re:Secure boot is UEFI (2)

Tastecicles (1153671) | more than 2 years ago | (#38092904)

ISTR someone ran some numbers on Windows 95 some years back... in 15 million lines of code, there were (I forget the reported number) several hundred thousand coding errors which ranged from kernel bugs to showstoppers - odds of an error in precompile code actually worked out to about one "showstopper" error every thirteen lines. A lot of them had numbers attributed to them (MSKB) with workarounds and/or downloadable and/or service packed (or in those days, "OEM service release") patches. For a while between the release of Windows 95 and just before XP was released, I had an MSDN subscription; almost on a weekly basis I received CDs through the door containing the latest batch of across-the-board patches and service releases. I let the subscription lapse because I was starting to drown in MSDN binders...

Re:Secure boot is UEFI (1)

DJRumpy (1345787) | more than 2 years ago | (#38092672)

Somewhat. Windows 8 is the first OS from MS to support the UEFI secure boot feature. In that way it's much like the DMA for Blu-Ray, meaning all links in the chain must support it in order for the disc to be legally decrypted (in theory at least..lol).

I've found other references to this rootkit though and apparently the flaw is actually exposed in the legacy BIOS, not in UEFI, or Windows 8.

According to Kleissner the new Windows 8 hack does not attack UEFI ’secure boot’ feature and currently only works on systems running legacy BIOSes.

Ref: http://www.zdnet.com/blog/hardware/security-researcher-creates-windows-8-bootkit/16365 [zdnet.com]

Re:Secure boot is UEFI (5, Informative)

afidel (530433) | more than 2 years ago | (#38091078)

You are correct, this is just an update of his previous exploit against other Windows versions, it only works with legacy BIOS, not against UEFI with secure boot. The story over at ARS has been updated.

Re:Secure boot is UEFI (4, Interesting)

cbhacking (979169) | more than 2 years ago | (#38092536)

The funny thing is, this kind of thing is exactly the reason *for* Secure Boot (the non-conspiracy one, not the one that Slashdot is typically talking about). If you're using UEFI and you can verify a chain of trust, then you don't have boot sector malware. The fact that boot sector malware is possible on Win8 if you're NOT USING UEFI (because you're using an MBR) is not only obvious, it's the problem that Secure Boot is supposed to prevent.

I wonder, among the people who tagged this "irony", how many actually have the right of it. The only irony in the situation is that Slashdot is so rabidly opposed to the idea that a headline which is factually incorrect (blatantly obviously so) is posted because it is compatible with the popular bias, despite having no basis in the technology that we nerds supposedly understand.

That all said, there are certainly valid concerns about Secure Boot. It's entirely possible that they outweigh the value of making malware like this impossible. You should know what you're up against when you argue your case, though.

Re:Secure boot is UEFI (1)

afidel (530433) | more than 2 years ago | (#38092762)

I have nothing against secure boot, just like I had nothing against TPM. They are merely tools that allow you to make a computer more secure if you so choose. Unless and until Microsoft completely shuts off significant Windows functionality if you aren't running these technologies then I have nothing against them. I don't want PC's to become glorified XBOX's with a different application set but I also recognize that it's impossible to have a completely secure environment without the help of hardware enforcement.

Re:Secure boot is UEFI (-1)

Anonymous Coward | more than 2 years ago | (#38091442)

In fact UEFI should take care so that his bootkit can't run on the machine. What's his point? UEFI secure boot is more or less TPM secure boot, enabled by default, with keys controlled by MS, and mandated to be eligible for Windows8 logo.
Obvious reason: security against malware hijacking bootloaders.
Hidden reason: Linux did not catch up on the desktop "yet" (except in niches), but as Intel is active on supporting Android on x86, PC versions could be not so far behind the horizon.

Re:Secure boot is UEFI (1)

SuricouRaven (1897204) | more than 2 years ago | (#38091678)

Actually the keys are controlled by the OEM, or the motherboard manufacturer. In theory, they have the choice of which operating systems to allow. In practice, people aren't inclined to trust the OEMs. Most of whom don't like to acknowledge linux exists.

Re:Secure boot is UEFI (2, Interesting)

0123456 (636235) | more than 2 years ago | (#38091792)

Don't forget DRM: this way Microsoft can ensure that you can't install drivers or other software that can break the DRM system. Only a signed OS runs, only signed drivers run, eventually only signed applications from the Windows App Store run.

Back that Boot-y up (1)

dasherjan (1485895) | more than 2 years ago | (#38090286)

Hurray?

Horray! (5, Funny)

Tyrannosaur (2485772) | more than 2 years ago | (#38090304)

Finally a jailbreak for the desktop! I was tired of using locked-down hardware! I will now run a jailbroken desktop exclusively.

Re:Horray! (1, Insightful)

Anonymous Coward | more than 2 years ago | (#38090418)

Yeah but the heydays are over the next time you run Windows Update. Be Aware!

Re:Horray! (0)

Anonymous Coward | more than 2 years ago | (#38091066)

Seems like I've heard all this before..... Something about those phones I ignore.

Now I guess this will be forced down my throat along with more government required shit.

You *know* they have been leaning the FBI/CIA/ETC on Microsoft. I mean come on they have special rooms at AT&T just for monitoring but somehow *nothing* at all in the OS? Nothing now? Really???

I just don't trust it. Vulnerabilities are those paid backdoors. They just pretend it's a fuckup if one of the real backdoors is found in the midst of their numerous bugs.

Sad world we live in.

Re:Horray! (1)

Anthony Mouse (1927662) | more than 2 years ago | (#38091322)

> Yeah but the heydays are over the next time you run Windows Update.

So...don't?

1) Install vulnerable Windows.
2) Install Linux, then delete all the bits of Windows not needed to boot Linux.
3) Run Windows in a VM, if at all.

Re:Horray! (1)

SuricouRaven (1897204) | more than 2 years ago | (#38091740)

This defeats one of the advantages of linux: It's free. As in beer. Companies and individuals alike approve of free - why should they spend money on something expensive if the free software is equally capable? If you have any part of Windows on the system though you'd need a Windows license.

Re:Horray! (2)

Anthony Mouse (1927662) | more than 2 years ago | (#38092324)

That's technically true, but what kind of machine is going to come with mandatory secure boot and not also come with a Windows license? Or, to put it a different way, if you're specifically buying a machine that doesn't come with a Windows license then you can easily just get one that doesn't come with secure boot.

The problem with secure boot is that it prevents people from converting older machines. You get a Windows machine, then later discover Linux and want to install it, and you can't because of secure boot. But in that case you already have the Windows license; it doesn't cost anything more.

There is a certain degree of bogosity here though. The preceding is based on the assumption that secure boot doesn't actually work: If you can root Windows, boot Linux and then run Windows in a VM, so can malware. And if that's the case then secure boot just shouldn't exist, because it's worse than useless. It doesn't stop malware and it makes it annoying to run Linux.

Whereas if it does work (and you can't turn it off) then it stops you from running Linux, which is an even more serious problem.

Windows or UEFI? (4, Insightful)

dreemernj (859414) | more than 2 years ago | (#38090314)

Is this an exploit of Windows or of UEFI in general?

Re:Windows or UEFI? (0)

bryan1945 (301828) | more than 2 years ago | (#38090464)

From what I've read, it's a Windows thing. No mention of UEFI in the article. But TFA is so slim on details... yada yada

Re:Windows or UEFI? (1)

Anonymous Coward | more than 2 years ago | (#38091254)

Neither. From the article, it appears to exploit legacy BIOS which is pointless. Secure boot is meaningless without UEFI.

UEFI doesn't have MBR (5, Interesting)

Manip (656104) | more than 2 years ago | (#38090322)

Uhh UEFI literally has no MBR, it doesn't exist. So please explain to me how this exploit functions when the MBR doesn't exist? I think he is booting his drives in the wrong mode, which is to say legacy MBR mode instead of ADAPI/UEFI mode.

Re:UEFI doesn't have MBR (3, Insightful)

Amouth (879122) | more than 2 years ago | (#38090472)

Agreed - that's my first question.. looks like they "defeated" secure boot by not using it to start with.

Re:UEFI doesn't have MBR (2)

BlackSnake112 (912158) | more than 2 years ago | (#38091008)

Plus it looks like it needs physical access to the machine. If you have physical access you can boot it any way you want. If this was a remote hack I would be more impressed.

Re:UEFI doesn't have MBR (0)

Anonymous Coward | more than 2 years ago | (#38091058)

Wrong. The whole point of secure boot is that you will only be able to boot "approved" OSes. For high end or whitebox machines there will be a way to "approve" OSes yourself or turn secure boot off entirely but the ones you find in major stores probably won't have that option.

Re:UEFI doesn't have MBR (0)

Anonymous Coward | more than 2 years ago | (#38091234)

> For high end or whitebox machines there will be a way to "approve" OSes yourself or turn secure boot off entirely but the ones you find in major stores probably won't have that option.

What a load of shit, there is no conceivable reason they would not allow secureboot to be turned off in the bios, if they wanted to stop you from booting other OSes they could have locked down BIOS features decades ago, but they didn't.

Re:UEFI doesn't have MBR (0)

Anonymous Coward | more than 2 years ago | (#38091698)

if you use the word BIOS in your message, it proves you have no idea what you are talking about. you used it twice

oh come off it (1)

Chirs (87576) | more than 2 years ago | (#38092688)

UEFI is not a PC-compatible BIOS, but it's still a "basic input output system" used to load the "real" OS. Sure, the proper word is firmware, but really I wouldn't be surprised if most people still call it the BIOS.

Re:UEFI doesn't have MBR (0)

Anonymous Coward | more than 2 years ago | (#38092728)

> if you use the word BIOS in your message, it proves you have no idea what you are talking about. you used it twice

yet the point remains perfectly valid, though for some reason you seem incapable of simply substituting 'UEFI control' in place of 'bios' to see that...poor you.

Re:UEFI doesn't have MBR (1)

Miamicanes (730264) | more than 2 years ago | (#38092322)

> What a load of shit, there is no conceivable reason they would not allow secureboot to be turned off in the bios,
> if they wanted to stop you from booting other OSes they could have locked down BIOS features decades ago, but they didn't.

Until someone decides to sell subsidized, ad-supported computers locked down to stop you from installing a different, non-adlocked OS, they slowly come to dominate the market (because normal users don't value an ad-free experience, or at least don't value being able to do things beyond what the creators of the ad-supported environment felt like supporting), and eventually a computer that's unlocked becomes an exotic niche specialty item that's nearly impossible to buy at a store like Best Buy and literally costs 10-20 times as much, partly because it's such an exotic niche item with so little demand. Sure, they'll exist... but you won't just be paying the difference between the cost of the subsidized model and whatever the subsidy is. You'll be getting completely buttfsck'ed and pay *dearly* for the privilege.

Wait, it gets better. A little while later, you'll discover that Windows no longer exists as a standalone retail product, and the only way to officially get it is to buy it with a locked-down factory-built PC. Well, OK... in theory, Windows will still exist as something you can install yourself... if you're an enterprise customer. So, you hunt down a friend who has the benefit of corporate MSDN membership from work, get him to slip you a license and a copy of Windows 17, then go home and install it. And discover that it won't play sound or 97% of the videos you have, because the DRM won't allow it since you're running in an "untrusted" environment. You get mad, successfully re-encode all your media to strip out the DRM, and chalk up a victory against The Man... then realize that Youtube still doesn't work.

It won't happen tomorrow. It won't even happen next year. But rest assured, the pot is full of water, the frog is happily swimming around, and nearly-invisible blue flames are gently caressing the bottom. The day somebody decides to start selling ad-supported PC hardware, pray to ${deity} that Microsoft firmly says, "No", Linus & Stallman have a rare moment of agreement and categorically say it's a GPL violation, and Apple recoils in horror and says "no", too.

Re:UEFI doesn't have MBR (1)

RightSaidFred99 (874576) | more than 2 years ago | (#38091330)

Bullshit. It's the other way around. Very few machines will be locked down to prevent alternate OS's from being installed. It's all a bunch of FUD.

Re:UEFI doesn't have MBR (0)

Anonymous Coward | more than 2 years ago | (#38091072)

But the point of UEFI is that you _might not_ be able to boot it any way you want.

Re:UEFI doesn't have MBR (0)

Anonymous Coward | more than 2 years ago | (#38091350)

It's possible but rather unlikely that a mainstream desktop system would be shipped in a way that didn't allow the owner to choose a different OS.

The point of SecureBoot is to prevent you from running a different/modified OS _without your express knowledge/consent_.

Re:UEFI doesn't have MBR (1)

0123456 (636235) | more than 2 years ago | (#38091830)

> It's possible but rather unlikely that a mainstream desktop system would be shipped in a way that didn't allow the owner to choose a different OS.

Why is that unlikely?

You buy a computer with Windows installed and the UEFI won't let it boot any other OS.

Why won't that happen?

What makes you think Microsoft won't offer better terms to companies who refuse to let other operating systems run on their hardware?

Why do you trust these people?

Re:UEFI doesn't have MBR (1)

exomondo (1725132) | more than 2 years ago | (#38092796)

> Why is that unlikely?

Because there's no reason to believe it would be done.

> You buy a computer with Windows installed and the UEFI won't let it boot any other OS.
>
> Why won't that happen?

Because there's no reason to, and because if MS were involved it would be a clear anti-trust issue, and for the same reason they haven't locked down BIOS features for all these years, they could have done this already but they didn't.

> What makes you think Microsoft won't offer better terms to companies who refuse to let other operating systems run on their hardware?
>
> Why do you trust these people?

Better terms to companies for what? And what companies? You think Microsoft is going to pay all manufacturers to lock out competitors and that this is going to be seen as legal in anti-trust law? Nice conspiracy theory, bit too light on any kind of basis though.

Re:UEFI doesn't have MBR (0)

Anonymous Coward | more than 2 years ago | (#38092032)

I'd already be impressed if it boots Windows 8 in secure mode, i.e. Windows *thinks* it is in secure mode, but in actuality it isn't, with no modification of any part of Windows. A UEFI in BIOS-compatible mode, that boots off a regular MBR, then proceeds to present a fake Secure Boot environment to the Windows Boot Loader counts as such. It would be even better to do this inside a VM.

Re:UEFI doesn't have MBR (1)

operagost (62405) | more than 2 years ago | (#38091100)

Also works for the WOPR technology.

Re:UEFI doesn't have MBR (1)

utkonos (2104836) | more than 2 years ago | (#38091840)

It technically does still have an MBR called the Protective Master Boot Record or Protective MBR. This is part of the GUID Partition Table (GPT) standard. This data resides at Logical Block Address 0. So, your statement that "it doesn't exist" is false. However, I believe that you are right, that he did not compromise UEFI. The article was not very clear, but he may be saying that he has been able to infect the PMBR of a GPT disk that boots from BIOS. That would make sense to me.

Also, before you decide to flame me for saying that you are incorrect, please read the spec [uefi.org]. I know it is behind a form, but you can also read about it on wikipedia [wikipedia.org].
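
To make the layout discussed in the comment above concrete, here is an added example (not part of the original post, and not code from any tool mentioned in the thread). It reads LBA 0 and LBA 1 of a disk image, tells a protective MBR from a legacy one by the 0xEE partition type, and hashes the 440-byte boot code area so a later change to it can be detected. The function names and both sample images are constructed for illustration.

```python
"""Classify sector 0 of a disk image and fingerprint its boot code area."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_END = 440        # bytes 0..439: bootstrap code run by a BIOS/CSM boot
TABLE_OFFSET = 446         # four 16-byte partition entries
SIGNATURE_OFFSET = 510
SIGNATURE = b"\x55\xaa"
GPT_PROTECTIVE_TYPE = 0xEE
GPT_HEADER_MAGIC = b"EFI PART"   # first 8 bytes of the GPT header at LBA 1


def partition_entries(lba0):
    """Return (type, start_lba, sector_count) for every non-empty entry."""
    found = []
    for i in range(4):
        off = TABLE_OFFSET + 16 * i
        ptype = lba0[off + 4]
        start, count = struct.unpack_from("<II", lba0, off + 8)
        if ptype != 0:
            found.append((ptype, start, count))
    return found


def inspect_boot_sectors(image):
    """Describe LBA 0/1 of `image` (bytes holding at least two sectors)."""
    if len(image) < 2 * SECTOR:
        raise ValueError("need at least LBA 0 and LBA 1")
    lba0, lba1 = image[:SECTOR], image[SECTOR:2 * SECTOR]
    types = [t for t, _, _ in partition_entries(lba0)]
    if lba0[SIGNATURE_OFFSET:SIGNATURE_OFFSET + 2] != SIGNATURE:
        layout = "no-boot-signature"
    elif types == [GPT_PROTECTIVE_TYPE]:
        layout = "protective-mbr"      # GPT disk, single 0xEE entry
    elif GPT_PROTECTIVE_TYPE in types:
        layout = "hybrid-mbr"          # 0xEE mixed with ordinary entries
    elif types:
        layout = "legacy-mbr"
    else:
        layout = "empty-table"
    boot_code = lba0[:BOOT_CODE_END]
    return {
        "layout": layout,
        "gpt_header": lba1[:8] == GPT_HEADER_MAGIC,
        # UEFI firmware does not execute this area, but a BIOS/CSM boot of
        # the same disk does, so non-zero bytes here are worth baselining.
        "boot_code_present": any(boot_code),
        "boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
    }


def changed_since(baseline_sha256, image):
    """True if the boot code area no longer matches a recorded baseline."""
    return inspect_boot_sectors(image)["boot_code_sha256"] != baseline_sha256


def make_image(boot_code, entries, gpt):
    """Build a constructed two-sector image; only the fields used above are set."""
    if len(boot_code) > BOOT_CODE_END:
        raise ValueError("boot code area is 440 bytes")
    lba0 = bytearray(SECTOR)
    lba0[:len(boot_code)] = boot_code
    for i, (ptype, start, count) in enumerate(entries):
        off = TABLE_OFFSET + 16 * i
        lba0[off + 4] = ptype
        struct.pack_into("<II", lba0, off + 8, start, count)
    lba0[SIGNATURE_OFFSET:SIGNATURE_OFFSET + 2] = SIGNATURE
    lba1 = bytearray(SECTOR)
    if gpt:
        lba1[:8] = GPT_HEADER_MAGIC
    return bytes(lba0 + lba1)


# Constructed samples: a GPT disk with an empty boot code area, and a
# BIOS-style disk whose boot code area holds placeholder (non-executable) bytes.
GPT_DISK = make_image(b"", [(GPT_PROTECTIVE_TYPE, 1, 0xFFFFFFFF)], gpt=True)
BIOS_DISK = make_image(b"\xeb\x3c\x90constructed sample, not real boot code",
                       [(0x07, 2048, 204800)], gpt=False)

if __name__ == "__main__":
    for name, img in (("gpt", GPT_DISK), ("bios", BIOS_DISK)):
        print(name, inspect_boot_sectors(img))
```

On a real system the input would be the first 1024 bytes of the disk read with administrative rights; the recorded hash is only useful if the baseline was taken from a known-good state.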

From the "What took so long?" Department.... (5, Funny)

apcullen (2504324) | more than 2 years ago | (#38090330)

This would have been solved sooner if Modern Warfare 3 hadn't been released last week...

Re:From the "What took so long?" Department.... (0)

Anonymous Coward | more than 2 years ago | (#38091412)

That would have been funny if you substituted Modern Warfare out with Skyrim.

Hey, buttholes, it's MY COMPUTER. (3, Insightful)

EmagGeek (574360) | more than 2 years ago | (#38090348)

I'm tired of these software vendors thinking that they own the rights to my hardware that I pay for.

Re:Hey, buttholes, it's MY COMPUTER. (2)

X0563511 (793323) | more than 2 years ago | (#38091216)

I bet you had a shitfit about the TPM as well. Which happens to have three states, and I'll highlight the interesting ones for you:
1. Active
2. Inactive (just turns off)
3. Disabled (wipes keys)

Hell, and it's Dell letting you change this - hardly a company you'd expect to let you do so.

I read the headline and... (0)

Anonymous Coward | more than 2 years ago | (#38090406)

...instantaneously punched both my hands in the air!

Not broken (5, Informative)

BitZtream (692029) | more than 2 years ago | (#38090410)

I thought the point to the UEFI secure boot thing was that the UEFI wouldn't boot without the MBR and remainder of the boot blocks being properly digitally signed.

Unless someone broke the digital signature system or found a flaw in the implementation, this sounds more like working as intended.

The article also seems to think that the boot loader is supposed to be encrypted for some silly reason.

Seems pretty clear that the article doesn't understand how it works, so it's hard to imagine there's much truth in it. If you tell the UEFI to ignore digital signatures on the boot loader then yes, it has been compromised ... cause you turned it off. Intentionally turning it off doesn't count as breaking it guys, sorry.

If there was a claim of a flaw in the UEFI Secure boot implementation or design, then I'd listen, but the fact that it's being called a windows exploit when it occurs before Windows has been started kinda sets off signal flares, ya know?

Re:Not broken (1)

Anonymous Coward | more than 2 years ago | (#38090792)

What? UEFI doesn't have an MBR. Sounds like YOU don't understand.

Re:Not broken (1)

exomondo (1725132) | more than 2 years ago | (#38091306)

> I thought the point to the UEFI secure boot thing was that the UEFI wouldn't boot without the MBR and remainder of the boot blocks being properly digitally signed.

More to the point is why are you using an MBR on a UEFI system?

Austrian? (2)

s_p_oneil (795792) | more than 2 years ago | (#38090436)

Austrian? Maybe they should call this one the UEFInator.

Hanz: Aww, you're such a little girlie boot record.
Franz: We're going to "boot" you up.

Just another reason (-1)

Anonymous Coward | more than 2 years ago | (#38090462)

Just another reason to buy Apple!

Re:Just another reason (1)

CheshireDragon (1183095) | more than 2 years ago | (#38092546)

wow, I am an avid Apple user and I am against this quote. How about another reason to fight for what we want and not give in to companies telling us what we want?

Back in the 1980's (4, Interesting)

ackthpt (218170) | more than 2 years ago | (#38090588)

We saw all the tricks people employed to copy-protect games on the C64. Most of them were pretty weak. The most effective I recall were the methods which spread out their information gathering throughout the boot process. This prevented someone trying to break copy protection from easily identifying the part of code where the detection was executed. If Microsoft gathered information throughout the boot process it could easily assemble some sort of checksum to check the boot sector and identify if it wasn't genuine. Does it take more than 30 years to figure this sort of thing out?

Re:Back in the 1980's (1)

Anonymous Coward | more than 2 years ago | (#38090672)

It does if you're Microsoft...

Re:Back in the 1980's (0)

Anonymous Coward | more than 2 years ago | (#38090822)

The C64 loader known as Fastloader was an early usage of the LZH compression to bring more capacity to the tape system storage whilst reducing load times. It's true that certain security (null blocks in particular or "bad sectors") were used to validate security however these were often defeated as the primary loader needed (itself) to load into resident memory before going any further.
Per this discussion, I find it interesting again that the cat and mouse game is now afoot and it hardware level code signing is being used, it's only a matter of time before some ingenious individual works or discovers the key.

Re:Back in the 1980's (2)

ackthpt (218170) | more than 2 years ago | (#38090928)

> The C64 loader known as Fastloader was an early usage of the LZH compression to bring more capacity to the tape system storage whilst reducing load times. It's true that certain security (null blocks in particular or "bad sectors") were used to validate security however these were often defeated as the primary loader needed (itself) to load into resident memory before going any further.
> Per this discussion, I find it interesting again that the cat and mouse game is now afoot and it hardware level code signing is being used, it's only a matter of time before some ingenious individual works or discovers the key.

Create a unique signature upon installation. Have validation gathering throughout boot-up and check. There's endless variations on this sort of scheme they could employ. Ultimately, if throughout the boot processes the OS identifies something is amiss it could lock the system down, effect repair, a number of things.

It's a cat and mouse game, alright, but one where the cat seems to be very slow thinking, clumsy to react and frequently brained with an iron skillet.

Re:Back in the 1980's (0)

Anonymous Coward | more than 2 years ago | (#38091820)

More probably the master key used to sign bootloaders is not anywhere in Windows code or UEFI ROM. MS provides a signed hash of a bootloader and a decryption key, while encryption key is stored somewhere in a vault at Redmond.

Re:Back in the 1980's (1)

Bengie (1121981) | more than 2 years ago | (#38091346)

That's just "security" through obscurity. It's just a matter of time before someone finds the code that checks the checksum and modifies it.

The whole issue is if untrusted code can load before the OS, you've already lost.

DMCA (1)

tsa (15680) | more than 2 years ago | (#38090676)

If this Austrian guy is coming to the US to talk about this, will he not be arrested immediately because of the DMCA? And is the DMCA the reason that hacks like this seem to always come from Europe? Or am I paranoid?

Re:DMCA (1)

Stan92057 (737634) | more than 2 years ago | (#38090910)

Why does it matter where he talks about it? I'm pretty sure they can sue or whatever no matter what country he's in. They are a world wide corporation with offices in just about every country.

Re:DMCA (1)

YesIAmAScript (886271) | more than 2 years ago | (#38091172)

You're paranoid. The DMCA allows reverse engineering for research.

Re:DMCA (1)

sexconker (1179573) | more than 2 years ago | (#38091528)

> You're paranoid. The DMCA allows reverse engineering for research.

No it doesn't.
The reverse engineering clause only applies when there is no suitable official method of enabling compatibility, i.e., the company has gone belly up. There's also that fairly recent ruling that specifically says jailbreaking a phone is okay because moronic judges don't understand technology.

Re:DMCA (0)

Anonymous Coward | more than 2 years ago | (#38091406)

DMCA doesn't prohibit what he did. That doesn't mean anyone who doesn't like what he did, wouldn't attack him, but there's no legal basis for doing so.

Seems a little early to announce it (2)

Zorque (894011) | more than 2 years ago | (#38090702)

He probably should have waited until after W8 was released, now they have a chance to patch out all his hard work before anyone gets a chance to make use of it.

MalCon in Mumbai..pfffft! (1)

Roachie (2180772) | more than 2 years ago | (#38090718)

I'm waiting for TradeSecretCon in Beijing

Misleading title, Secure Boot not defeated (5, Insightful)

davidwr (791652) | more than 2 years ago | (#38090722)

Without a UEFI computer that is configured to boot only signed boot-loaders, this is not a valid test of the Secure Boot technology.

Basically, this is a case of "of course it works that way in this scenario, it's supposed to."

Re:Misleading title, Secure Boot not defeated (1)

amliebsch (724858) | more than 2 years ago | (#38091684)

Yup. FFS editors, your headline is straight up libel. FIX IT.

Windows 8 Microsoft leveraging its dominance (1)

Crashmarik (635988) | more than 2 years ago | (#38090836)

This is nice but unless it's seamless and user friendly to the point of invisibility Microsoft gets what it wants, a computing environment that is that much more unfriendly to anything not windows. In this case they are going so far as making it unfriendly to old versions of windows as well as other operating systems. I guess they don't want to see future failures to adopt like they had with Vista and ME.

Well MS better have the 7 start menu / gui enterpr (1)

Joe_Dragon (2206452) | more than 2 years ago | (#38090898)

Well MS better have the 7 start menu / gui enterprise use and not the cell phone based UI. How many people have touch screen laptops / desktops anyways?

Re:Windows 8 Microsoft leveraging its dominance (1)

interval1066 (668936) | more than 2 years ago | (#38091088)

Kind of sounds like you're implying UEFI roms aren't going to work with unsigned os's, am I getting that right?

Re:Windows 8 Microsoft leveraging its dominance (1)

exomondo (1725132) | more than 2 years ago | (#38091148)

This is nice but unless it's seamless and user friendly to the point of invisibility Microsoft gets what it wants, a computing environment that is that much more unfriendly to anything not windows.

How is it unfriendly to anything not Windows? They are just implementing the Secure Boot feature of UEFI, if you want to boot an OS that doesn't support it then turn Secure Boot off in the BIOS.

Re:Windows 8 Microsoft leveraging its dominance (0)

0123456 (636235) | more than 2 years ago | (#38091746)

How is it unfriendly to anything not Windows? They are just implementing the Secure Boot feature of UEFI, if you want to boot an OS that doesn't support it then turn Secure Boot off in the BIOS.

And when Microsoft refuses to 'Windows certify' motherboards that don't allow you to turn it off...?

Re:Windows 8 Microsoft leveraging its dominance (1)

0123456 (636235) | more than 2 years ago | (#38091754)

Duh, that was 'refuses to certify motherboards that do allow you to turn it off', obviously.

Re:Windows 8 Microsoft leveraging its dominance (1)

exomondo (1725132) | more than 2 years ago | (#38091860)

And when Microsoft refuses to 'Windows certify' motherboards that don't allow you to turn it off...?

Your conspiracy theory doesn't match with the certification guidelines that state that it has to support UEFI Secureboot, not make it a mandatory feature that cannot be turned off.

commentors (0)

Anonymous Coward | more than 2 years ago | (#38090922)

My god, so many, many idiots. I wonder who turns on the computer for them.

This is stupid (0)

Anonymous Coward | more than 2 years ago | (#38091102)

To write to the MBR you need privileged/root access.

So, this thing that boots from MBR, gives you the root/privileged access you must have already had to write to the MBR? I give you the keys to my house, so you can change the locks and give me the key.

I don't want to be dismissive, but is this for real? It's not a hack.

WRONG (3, Informative)

amliebsch (724858) | more than 2 years ago | (#38091588)

This headline is incorrect, secure boot was not compromised. From the ARS story:

The exploit allegedly defeats the security features of Windows 8's new Boot Loader. However, Kleissner said in a message exchange with Ars Technica that the exploit did not currently target the Unified Extensible Firmware Interface (UEFI), but instead went after legacy BIOS. Kleissner said he has shared his research and paper and the paper he plans to present, "The Art of Bootkit Development," with Microsoft.

Secure boot does nothing if you have legacy BIOS.
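Added example, not part of the original comment thread: a way to check on a Linux host whether the machine was booted through legacy BIOS or through UEFI with Secure Boot actually enforcing, which is the distinction the comment above draws. It assumes the standard efivarfs layout under `/sys/firmware/efi/efivars`; the function names and the sample sysfs trees are constructed for illustration.

```python
import os
import tempfile

# EFI global-variable GUID from the UEFI specification, as used in efivarfs names.
EFI_GLOBAL = "8be4df61-93ca-11d2-aa0d-00e098032b8c"

def read_efi_flag(efivars_dir, name):
    """Return the one-byte value of a global EFI variable, or None if unreadable."""
    try:
        with open(os.path.join(efivars_dir, f"{name}-{EFI_GLOBAL}"), "rb") as fh:
            raw = fh.read()
    except OSError:
        return None
    # efivarfs prepends a 4-byte attributes word; the flag is the single byte after it.
    return raw[4] if len(raw) == 5 else None

def boot_posture(sysfs_root="/sys"):
    """Classify how this machine was booted (function name is hypothetical)."""
    efi_dir = os.path.join(sysfs_root, "firmware", "efi")
    if not os.path.isdir(efi_dir):
        return "legacy-bios"            # BIOS or CSM boot: Secure Boot is not in play
    efivars = os.path.join(efi_dir, "efivars")
    secure = read_efi_flag(efivars, "SecureBoot")
    setup = read_efi_flag(efivars, "SetupMode")
    if secure is None:
        return "uefi-unknown"           # efivarfs not mounted or variable missing
    if setup == 1:
        return "uefi-setup-mode"        # no Platform Key enrolled, nothing enforced
    return "uefi-secure-boot-on" if secure == 1 else "uefi-secure-boot-off"

def demo():
    """Run boot_posture() over constructed sysfs trees (sample data, not real dumps)."""
    attrs = b"\x06\x00\x00\x00"          # constructed attributes word
    cases = {"bios": None, "on": (1, 0), "off": (0, 0), "setup": (0, 1)}
    results = {}
    for label, flags in cases.items():
        with tempfile.TemporaryDirectory() as root:
            if flags is not None:
                efivars = os.path.join(root, "firmware", "efi", "efivars")
                os.makedirs(efivars)
                for name, value in zip(("SecureBoot", "SetupMode"), flags):
                    with open(os.path.join(efivars, f"{name}-{EFI_GLOBAL}"), "wb") as fh:
                        fh.write(attrs + bytes([value]))
            results[label] = boot_posture(root)
    return results

if __name__ == "__main__":
    print(boot_posture(), demo())
```

A host that reports `legacy-bios` or `uefi-setup-mode` gets no boot-chain signature enforcement from the firmware, so MBR and bootloader integrity have to be monitored by other means.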

Re:WRONG (1)

tepples (727027) | more than 2 years ago | (#38091994)

Legacy BIOS does nothing if your PC's motherboard has died and all affordable replacements have secure boot that can't be turned off and which don't let the end user install new certificates.

Re:WRONG (1)

Missing.Matter (1845576) | more than 2 years ago | (#38092100)

and all affordable replacements have secure boot that can't be turned off

Pretty big assumption you're making there.

Re:WRONG (0)

Anonymous Coward | more than 2 years ago | (#38092286)

Legacy BIOS does nothing if your PC's motherboard has died and all affordable replacements have secure boot that can't be turned off and which don't let the end user install new certificates.

You're also in a bad situation if your PC's motherboard has died and all motherboard manufacturers' factories have burned down and all existing stock is sold out...while we're on the topic of highly implausible situations that border on totally ridiculous. Seriously though why would any manufacturer do that? You think after all the heat MS has had with anti-trust regulators that for some reason they would somehow try and force motherboard manufacturers to not allow secureboot to be disabled?

What about windows users? (0)

Anonymous Coward | more than 2 years ago | (#38091870)

I don't know why you all want to screw windows users.

I, for one, want my windows computer to be safe against things like ophcrack + rainbow tables.

First I was mad at MS... (0)

Anonymous Coward | more than 2 years ago | (#38092610)

At first I was being angry seeing all the mediocrity coming from that company.

Then it turned to laughter.

Nowadays I just want to cry. They're sad. So sad.

The day I have to jailbreak my PC... (1)

Tastecicles (1153671) | more than 2 years ago | (#38092686)

...to run software I WANT TO RUN ON IT is the day my Pentium Pro comes down out of the loft.

Damnit! (1)

sgt scrub (869860) | more than 2 years ago | (#38092860)

I gave it a month after release. I totally shouldn't have put $20 on it! Oh well. The odds were too good to pass up.

What is this for? (1)

nitrowing (887519) | more than 2 years ago | (#38092862)

I don't like any of the ways this can happen. It's MY computer, I built it and sometimes I like to install Windows. Sometimes I like to play with Linux. Sometimes I like to play with overclocking and keep rebooting until it actually stays usable for more than 5 minutes. The fact that there is an exploit is good. The fact that M$ is actually trying to screw us is bad, they will try harder every year. I have never actually had a computer virus.

Re:What is this for? (1)

exomondo (1725132) | more than 2 years ago | (#38092914)

There's always one in every secureboot story. So tell me, how are they trying to screw you?