Like 'pwning' Microsoft on a Microsoft/NSA platform

Summary: The pseudo-security industry (bug doors, imperialism/national security in 'security' clothing) is losing the argument; grown-ups have meanwhile classified UEFI 'secure' boot as a laughing stock and its proponents as Microsoft trolls

THE people who promote fake security just 'happen' to be the loudest and most aggressive Internet (or IRC) trolls, constantly looking to defame, threaten, blackmail, and maybe even dox both my wife and I.

They keep losing the argument, they even half-admit that (in their blogs), but somehow it's us who are the problem?

It has been nearly a year since we last wrote about UEFI 'secure' boot, i.e. outsourcing to Microsoft portrayed as some kind of Buffy-on-steroids of security. But it's back in the news [1] because of another black eye. As a reminder, there's no real solution to this [2-4]. Just reject fake security. Reject Microsoft and its Munchkins [1, 2, 3]. ⬆

Related/contextual items from the news:

1. BlackLotus UEFI Bootkit Source Code Leaked on GitHub

   The source code for the BlackLotus UEFI bootkit has been leaked on GitHub and an expert has issued a warning over the risks.





2. NSA: BlackLotus BootKit Patching Won't Prevent Compromise

   BlackLotus burst on the scene last fall when it was spotted for sale on the Dark Web for $5,000. It has the dubious distinction of being the first in-the-wild malware to successfully bypass to Microsoft's Unified Extensible Firmware Interface (UEFI) Secure Boot protections.

   UEFI is the firmware that's responsible for the booting-up routine, so it loads before the operating system kernel and any other software. BlackLotus — a software, not a firmware threat, it should be noted — takes advantage of two vulnerabilities in the UEFI Secure Boot function to insert itself into the earliest phase of the software boot process initiated by UEFI: CVE-2022-21894, aka Baton Drop, CVSS score 4.4; and CVE-2023-24932, CVSS score 6.7. These were patched by Microsoft in January 2022 and May 2023 respectively.

   But the country's top technology intelligence division warned that applying the available Windows 10 and Windows 11 patches is only a "a good first step."





3. Microsoft’s bootkit patches offer ‘false sense of security’ against BlackLotus threat, NSA says

   BlackLotus targets Windows boot by exploiting a flaw in older boot loaders, or boot managers, to set off a chain of malicious actions that compromise endpoint security. This is achieved by exploiting the Baton Drop vulnerability to strip the Secure Boot policy and prevent its enforcement.

   BlackLotus shares some characteristics with Boot Hole, a vulnerability discovered in 2020. Unlike Boot Hole, however, BlackLotus targets vulnerable boot loaders that have not been added to the Secure Boot Deny List Database (DBX) revocation list.





4. To kill BlackLotus malware, patching is a good start, but...

   Then, in research published in March, ESET malware analyst Martin Smolár confirmed the myth of an in-the-wild bootkit bypassing Secure Boot "is now a reality," as opposed to hypothetical threats raised by some experts and the usual slew of fake bootkits criminals attempted to trick fellow miscreants into buying.

   No Linux-targeting variant of the malware has been observed; BlackLotus strictly nobbles Microsoft Windows machines.