Linked by Thom Holwerda on Sat 29th Dec 2012 16:37 UTC
Linux It's sad that we need this, but alas - Matthew Garret has made a list of Linux distributions that boot on Windows 8 PCs with Secure Boot enabled. Tellingly enough, the list is short. Very short. Can someone hack this nonsense into oblivion please?
Thread beginning with comment 546619
To read all comments associated with this story, please click here.
Maleware
by Gone fishing on Sun 30th Dec 2012 00:34 UTC
Gone fishing
Member since:
2006-02-22

I apologise in advance if this is stupid a lot of people here know more about this than me but ...

My guess is that MS's secure boot key will become available to the maleware cracker community either by leakage or cracking. This will then make it possible to create a rootkit, bootsector virus etc which will run on a secure / restricted boot system.

If this maleware then randomly changes some part of the Windows kernel and an AV removes the the virus this will leave a secure / restricted boot system unbootable. If we combine this with the fact, that many computers now do not come with installation disks but recovery partitions, which return the PC back to factory specs. You get a virus, if you remove it you loose your data. This doesn't seem to be what MS intended, if they intended to make the system more secure, rather than just be anti competitive.

This system seems to have the potential to make the security of data on an MS system worse not better (most people do not have backups) and open new venues for extortion, and problem creating by the cracker community.

Reply Score: 2

RE: Maleware
by WereCatf on Sun 30th Dec 2012 00:42 in reply to "Maleware"
WereCatf Member since:
2006-02-15

maleware


Uhh....Viagra, Fleshlight, blow-up dolls and the likes come to mind, not computer software.

Reply Parent Score: 5

RE[2]: Maleware
by Gone fishing on Sun 30th Dec 2012 01:08 in reply to "RE: Maleware"
Gone fishing Member since:
2006-02-22

Oops, brain fart, Freudian slip working Sunday.

Edited 2012-12-30 01:10 UTC

Reply Parent Score: 3

RE: Maleware
by Drumhellar on Sun 30th Dec 2012 01:00 in reply to "Maleware"
Drumhellar Member since:
2005-07-12

As far as I know, the keys used for singing Microsoft's own DLLs and validated drivers haven't been leaked yet. I doubt this is something that will change with secure boot.

Reply Parent Score: 3

RE: Maleware
by saso on Sun 30th Dec 2012 01:48 in reply to "Maleware"
saso Member since:
2007-04-18

either by leakage

Possible, though highly unlikely. If MS actually operate their signing infrastructure in any sensible way (e.g. the way a public CA is operated), then the root key is only held on an HSM (Hardware Security Module) - a separate tamper-proof purpose-built machine which will never, ever give the secret key out and only execute signing for you. The recent compromises of CAs (Comodo, Diginotar) you heard about were all done by having the attackers trick the CA into signing certificates for other domains. At no point did the attackers actually get to the secret key of the root CA.

or cracking.

As far as I understand it, UEFI is built on asymmetrical cryptography. Unless it was designed by idiots, the shipped machines only contain the public key portion, so it's impossible to retrieve the secret key.

This system seems to have the potential to make the security of data on an MS system worse not better (most people do not have backups) and open new venues for extortion, and problem creating by the cracker community.

Seeing the exploit landscape of late, and please feel free to correct me, boot viruses and worms are pretty much a thing of the past. Nowadays everybody focuses on phishing and browser exploits, since that's where the real money can be made (credit card fraud, on-line banking connection hijacking, etc.). UEFI is a solution in search of a problem (that is, if you believe the official story, that it's about protecting the customer's machine from viruses, rather than protecting the machine from the customer).

Edited 2012-12-30 01:49 UTC

Reply Parent Score: 6