Wow; normally we'd swap out for the text-based URL, but I can't bring myself to supplant anything so exuberant. They do say (a.k.a. "studies show") that inhibitions are lowered late at night...
It's amazing... The fun part is that all the contents is in normal text in the page source. The effects are just fonts, transformations, random JS. I missed the ascii-art nfo style in security reports :)
Also quite distracting, especially since the text itself keeps moving. The "cute" presentation takes away from this major discovery and almost makes it seem like it's not something very serious.
Yeah, the jumping text is terrible for readability.
Then again, the content is still plain text. You can paste it somewhere else, and easily read it without any distractions. So it's actually still more accessible than your average web page these days.
TL;DR: Microsoft's Secure Boot bootloader is vulnerable to an attack where you use a (Microsoft-signed) supplemental boot policy instead of a regular boot policy, effectively removing the Secure Boot lock and allowing to run unsigned code.
This affects locked devices (Windows RT, Phone, ...) and might be used for jailbreaking devices as well as to attack their security.
I tried to remain as neutral as possible with the summary. My personal opinion is that it should be possible for the owner of a device to install any OS they wish, and do so without compromising the device security.
Unfortunately, we are very far away from that goal. Either there is no (official) way to unlock the bootloader, or we get a full unlock where everybody with physical access to the device can install whatever rootkit they wish.
I think that's why the "jailbreak" wording I've seen used is fairly appropriate. The flip side to the risks that result from trusting some sort of locked bootloader for security also mean that you can gain more control over your gear.
On one hand, I think that aspect is wonderful news but on the other hand, there are already a lot of options for devices with unlocked (or unlockable) bootloaders and some orgs may have specifically desired the locked option as part of their security setup and this undermines that.
The only thing that is relevant regardless is how it illustrates the flaws in any system that relies on secret master keys/backdoors
IMHO it's rather disappointing that they decided to tell MS about it, instead of just releasing it as a jailbreak, because every time secure boot comes up I'm reminded of https://www.gnu.org/philosophy/right-to-read.en.html and that classic Benjamin Franklin quote...
Windows on ARM&ARM64 channel. :: Secure Boot unlocked. Package for RT devices. https://rol.im/SecureBoot.zip Works with even full updates! See the readme inside the zip. :: you need to use the signtool
51 comments
[ 2.6 ms ] story [ 117 ms ] threadText-only mirror: https://gist.github.com/anonymous/c94cadade3a8b87dcdc52c639f...
Feel free to edit out if there's actual crack content on these, but most look either too old or just the intros: http://www.intros.c64.org/ http://defacto2.net/file/list?output=mixed&platform=-§io... http://amp.dascene.net/
Then again, the content is still plain text. You can paste it somewhere else, and easily read it without any distractions. So it's actually still more accessible than your average web page these days.
And, by running NoScript in default deny all javascript except for personal whitelist mode - I had zero audio play from the page.
Chiptune, cheesy starfield and a rotating vector. I see, a Cracktro. Hey slipstream/RoL, you forgot copper effects! ;-)
This affects locked devices (Windows RT, Phone, ...) and might be used for jailbreaking devices as well as to attack their security.
EDIT: saw your other comments :) I'm still up for more info if you have any regarding installing new apps or OS on RT
This sounds quite negative. Another (very postive) consequence is to install unsigned OS'es (read: Linux).
Unfortunately, we are very far away from that goal. Either there is no (official) way to unlock the bootloader, or we get a full unlock where everybody with physical access to the device can install whatever rootkit they wish.
Not at all. It's commonplace in UEFI motherboards. You can supply your own keys and then sign your kernel/bootloader.
Microsoft just decided the owners of these devices should not be allowed to control their device's boot process.
On one hand, I think that aspect is wonderful news but on the other hand, there are already a lot of options for devices with unlocked (or unlockable) bootloaders and some orgs may have specifically desired the locked option as part of their security setup and this undermines that.
The only thing that is relevant regardless is how it illustrates the flaws in any system that relies on secret master keys/backdoors
Yay for Let's Encrypt.
Windows on ARM&ARM64 channel. :: Secure Boot unlocked. Package for RT devices. https://rol.im/SecureBoot.zip Works with even full updates! See the readme inside the zip. :: you need to use the signtool