An editor should have a pimp for a brother so he'll have someone to look up to - Gene Fowler
|
|
|
Microsoft's Windows 8 secure boot process is foiled by researcher
SOFTWARE REDEVELOPER Microsoft has had its Windows 8 secure bootloader hijacked even before the operating system hit the shelves.
Security researcher Peter Kleissner is scheduled to demonstrate Stoned Lite, a bootkit that infects the master boot record (MBR) to neuter Microsoft's secure boot, next week at Malcon in India. However since his appearance at the conference is unlikely, Kleissner has been talking about how his software undermines Microsoft's latest effort at security, or locking out competing operating systems, if you will.
Microsoft announced its secure boot process as a way of ensuring that only certified operating systems can be loaded, once out of the universal extensible firmware interface (UEFI). The idea has caused concern in the open source community, as the fear is that PC vendors might not enable signed certificates for popular Linux distributions.
Kleissner claimed his exploit doesn't target Microsoft's secure boot directly but rather the legacy boot procedure. Talking to Softpedia, Kleissner said Stoned Lite infects the boot loader, storing the software "outside the normal file system".
Kleissner said, "As payload I use the command line privilege escalation. Once whoami.exe is launched, it elevates the cmd.exe process rights to SYSTEM by overwriting its security token with a duplicated system process one. [...] Additionally it will patch the password validation function (MsvpPasswordValidate) so you can use any password for any local user account to log on. You will be able to start Stoned Lite from a USB flash drive or CD where it will be only active in memory."
Although Kleissner's upcoming paper undermines one of Microsoft's key security features in Windows 8, he did commend the firm, saying, "You can compare it to TPM [trusted platform module], although Arie van der Hoeven from Microsoft announced that the secure boot feature is mandatory for OEMs [original equipment manufacturers] who want to be UEFI certified. It is a good message that security is not an option."
Perhaps the open source community's worries over any potential land grab by Microsoft have been premature. If Kleissner's work stands up to scrutiny then it looks like Microsoft's attempt to design a secure boot process has room for alternative operating systems. µ
Share this:
Share
"and claimed at Malcon him, or his representative, would show a Windows 8 Secure Boot exploit" - where? He didn't say that on Twitter. He didn't say that on his website. He didn't say that in the Softpedia interview. In all of them, he says that he has an attack that uses the BIOS boot sector. That's not code that's used by UEFI, so it can't be used to attack secure boot.
My Bad – Q.E.D.
@ mike
Hi Mike,
Thank you for coming back and not being so ferocious in your attack on my opinion; it’s partly my fault for ‘steaming-in’ with my first post.
I assumed, wrongly so it seems, that my feelings for people (who perhaps aren’t idiots) using the phrase “My Bad(s)” was misunderstood and that it’s predominantly and widely used in the US.
My pathology when seeing this wording is, however, not only shared by me alone. There appears to be many other people experiencing the same trauma when reading people’s comments using this phrase.
I am making a big assumption here, but the way you convey your feelings doesn’t actually seem that different to mine. I am not some kind of ‘Grammar Nazi’ waiting in the wings or even anyone that insists people adhere to a strict regime of ‘Proper English’; I only have a problem with “My Bad(s)” and I’ve found, through Googling, that I don’t seem to be alone in this pet-hate of this particular term!
OK, Y’All…. Here’s some sheet I found
for yo asses:
http://coolrain44.wordpress.com/2009/06/06/40-stupid-sayings-annoying-expressions/
A newer expression that is supposedly a ‘cool’ way of saying ‘my mistake’. It’s even supposed to take the place of an apology – WRONG!! Saying ‘oh, my bad’, in the place of an apology is almost as bad as ‘don’t take this the wrong way’. If you did something unintentional or wrong and you honestly feel bad about it, for God’s sake … APOLOGIZE … or don’t say anything at all!
Facebook Page:
Name: I hate the phrase "My Bad"
Category: Just for Fun - Outlandish Statements
Description: This group is for people who can't stand the phrase "my Bad"....
when someone intends to say "I'm sorry" or take blame for something they say "my Bad!".If it sends shivers down your spine, makes you cringe or just leaves you with no response when you hear someone say "my Bad!" this group is for you.
Privacy type: Open: All content is public.
http://en.wiktionary.org/wiki/Talk:my_bad
Talk: my bad
A form of this expression - or the original expression - was around in the Black inner cities in the 50's and 60's when I was a child. However it was not "my bad" as in "I did a baddee," it was MY BAG!
I absolutely hate hearing every little White, Asian, and Latino kid and adult using and misusing this expression.
Perhaps a little more research is in order here...
I am not at all sure that the people from whom you hate hearing the expression even know about "my bag".
I also have heard "my bag" (or "my thing"), from 60's or 70's. I never heard it used as "My bad" is used today.
It was usually (always?) in the negative, as in "That's not my bag." or sometimes "That's not my thing." meaning "I'm not into that."
Ex: Person #1: "I love baseball!"
Person #2: "Eh. That's not my bag. I like football." 89.14.119.52 11:47, 12 June 2010 (UTC)
[edit]
Origin of "my bad"
I agree with the previous [...previous] editor. The phrase, "my bad", did not originate in U.S. colleges/universities as noted on http://www.businessballs.com/clichesorigins.htm.
The phrase was street slang used in Black neighborhoods, that made its way, as is often the case, into mainstream slang. Many phrases that eventually became mainstream slang originated in Black neighborhoods.
Maybe, but can you find any solid evidence? If not, it's just one guy's word against another's. Equinox ◑ 17:23, 1 September 2009 (UTC)
I always assumed that "my bad" was a shortened form of "Am I bad?" (said facetiously, as in "Am I bad, or what?"), with the "A" disappearing, and the "m I" slurring into "my".
Has anyone seen anything that suggests this as a possible origin? 89.14.119.52 11:47, 12 June 2010 (UTC)
You might want to check out Sonnet 112 by Shakespeare.
***********************************************
Back to me now:
I don’t expect everybody to talk / type like they’re writing a Booker-Prize-Winning novel or new dictionary, it’s just that some things can sound like a 2 year old trying to learn to speak and that’s just plain wrong to me, not clever.
No bad feelings Mike (and others), and thanks for bring me back to earth.
Long live democracy!
@Matthew Garrett, thanks for reading and commenting.
At the time of publication the researcher has not demonstrated the hack, however he has said it works with 'legacy' BIOS and claimed at Malcon him, or his representative, would show a Windows 8 Secure Boot exploit. We will be posting a follow-up article on or soon after 25 November with details of what was shown and if indeed Microsoft's Secure Boot has been cracked.
Would you prefer people write like Herman Melville and Nathaniel Hawthorne, or Samule Clemens?
If you are going to correct others you should first place yourself above reproach. Regarding your numbered items:
1) I do not understand your point? Are you asking me if I think the term 'OK' os OK to use? Are you implying that it is not? Are you trying to use satire? I can't tell. Perhapse you should figure out what your point is, and then wite in a way that makes your point.
2) Piss-taking? Who doesn't take a piss? Do you mean Piss-talking? You wrote "Still, I doubt there are loads of half-witted bigots hitting a baseball around?" Why does uour statement use a question mark? Also, why did you discuss baseball players?
3) You typed 'is either pretentiousness or plain stupid'. You seem to be flip-flopping between describing the act and discribing the person.
In my opinion a better choice of words would be either 'is either is either pretentious or plain stupid' or 'is either pretentiousness or plain stupidity'; however, I am intelligent enough to be able to figure out what you mean even if you used improper English. Most people are.
You wrote "...using words or phrases that only mean something to a minority of people speaking the language is either pretentiousness or plain stupid." With this sentence you appear to be saying that only a minority of people don't know what the phrase 'my bad' means. I submit that most people either understand or can figure out what th ephrase 'my bad' means. Do you disagree with my assessment?
Dude, you suck.
I guess your fed up with yourself cause all I see is an idiot speaking.
@ Mike
Thank you for putting this ‘bigot’ in her place! It’s nice to get it straight from such a wonderfully educated, free-thinking, adopt-anything-that-comes-along Wiki-Linguist.
1) I’m typing this OK? Was the use of OK, OK? I know it’s a colloquial English word denoting approval, acceptance, agreement, assent, or acknowledgment, but after hundreds of years of use, I’d think people wouldn’t have to think twice about looking it up on Wiki?
2) “Coined by Manute Bol, a basketball player of Sudanese origin playing with the Golden State Warriors. Subsequently adopted by teammates.” Adopted by whom? Piss-taking team mates who thought his ‘Bad’ English was funny enough to start rubbing his face in it. Still, I doubt there are loads of half-witted bigots hitting a baseball around?
3) I understand the evolution of language and speak other languages too. Perhaps you’d like everybody to ‘type’ like “Who dat man da? He da man! me n my friend r bein dorks n yea we wanna have funny gangsr txtin siggs” – OH, MY BAD!
Having an opinion is fine; using words or phrases that only mean something to a minority of people speaking the language is either pretentiousness or plain stupid.
Thanks for the Wiki reference, but it still fills me with revulsion and I won’t be using it.
(1) No one is speaking on this page, we are typing. Your post's syntax is horrible, and you use terms like FFS and then criticize 'text speak'. You placed a paragraph in parentheses. People in glass houses...
(2) http://en.wiktionary.org/wiki/my_bad 'my bad'
Coined by Manute Bol, a basketball player of Sudanese origin playing with the Golden State Warriors. Subsequently adopted by teammates.
In other words, 'my bad' was coined by someone for whom English is a second language. It's modern use is a loose similarity to Pidgin english, where phrases like 'chop chop'.
(3) Perhapse you could get more educated in the 'real world' and not be such a bigot. Language grows and evolves over time and encorporates facets of other cultures; 'my bad' is one example of that phenomenon.
@ TDR & any other idiot using the terms 'My Bad' or 'My Bads':
"Your bad [what?]" …use and understanding of the English language?
FFS, it's not cool to say "My Bad.... “. Only mobile phone texting-twits and forum-morons use this kind of 'talk'.
Although I haven't seen the weirdo for months and I have to say, I'm extrovertly overcome by this turn of events, I would rather try to read the crap that tool-of-life-form Drashek used to deliver!
(If he reappears, it's got nothing to do with me mentioning him....)
‘Nuff said[.]
...the author did not read really what he copied. Or he left out the " these files being changed in Windows 7" on purpose to make a headline.
Where are those days where an "author" did not just copy and paste but actually do real interviews and reasearch?
My bads - following back another link says that he is attacking Windows 8 in legacy mode, but not that he has broken secure boot. Quite the opposite in fact
"Peter Kleissner was kind enough to provide some details, claiming that Microsoft and the members of the UEFI Forum are doing a good job in securing the boot chain. "
As it clearly states in the original article, he is attacking Windows 7.
From the linked article:
"Stoned Lite actually works by infecting the MBR"
and:
'“The problem with the legacy startup is that no one verifies the MBR, which makes it the vulnerable point. With UEFI and secure boot, all the boot applications and drivers have to be signed (otherwise they won’t be loaded),” Kleissner revealed.'
ie, it infects an area of code that's only used on legacy boot - not secure boot. It's the kind of attack that secure boot actually prevents.
You can't see through the cloud of your own anti MS bullshit.
He used the legacy boot feature.
What is the legacy boot Feature ?
The legacy boot feature is turning off the security feature. The thing that the dishonest faction of the Linux community say you won't be able to do.
The inevitable result of M$'s monoculture and consequent "one key unlocks nearly all computers", plus its lousy pseudo-security and unlimited flaws, is to allow M$ to promote locking up hardware too. As about 99% of the market is still either M$ or A$, this argument is a quite serious threat to Linux, eventually, by removing even the possibility of running Linux on new hardware with this excuse. -- I know the Linux types will say can always be worked around, but I don't know. Hardware locking can be pretty effective, will at least slow down porting.
And of course M$ and A$ won't weep over the difficulties it creates for Linux.