@earthshine precisely that is the point of it and also the correct answer to #FUD by #CCSS vendors (i.e. #Microsoft) against #FLOSS (i.e. #Linux)…

@Eichi it's called #CensorBoot because nothing about it is secure, no matter whether #BitLocker-#Backdoor or #GoldenKeyBoot!

@Xeniax OFC #CensorBoot never was about #Security and #Microsoft having #Govware - #Backdoors in their #CryptoAPI is nothing new.

If this doesn't disqualify Windows & Microsoft in general then those who made that decision should be fired.

The only secure #encryption is #FLOSS with #SelfCustody of all the keys…

#USpol #cyberfascism #CloudAct #GAFAMs

GitHub - kkarhan/windows-ca-backdoor-fix: Fixes a critical backdoor in Windows' CryptoAPI, which allows to unconsenting Update of CA Certificates in the background. See https://www.heise.de/ct/ausgabe/2013-17-Zweifelhafte-Updates-gefaehrden-SSL-Verschluesselung-2317589.html

@azureshit #GoldenKeyBoot & #NSAKEY should be disqualifying enough, even if one ignores #CloudAct & #GDPR!

@zyx no.

Just admission to the truth, because #TPM are on #LPC which is just a different way to do #ISA.

  • So if you rightfully account for hardware attacks, it is insecure even if you don't look at #GoldenKeyBoot!
Add an ISA slot to Modern Motherboards!

@mrgrumpymonkey it is.

One can repartition Windows installations on the fly whilst running (and even then there are tools like #Wubi that made it easy to set up #dualboot #Linux & #Windows).

  • ISOLINUX does allow for "load image into RAM and boot" setups. I literally use that on @OS1337 because no system that can boot it will have > 16 MB RAM anyway (8 MB is the hard limit for bare linux kernel), so merely making Windows' bootloader chainload #isolinux to load that image in RAM and yeet it isn't out of the question.

I just have neither a #Windows machine nor time and spoons to make such a tool, much less to basically create even said #ProofOfConcept "#Malware"

@kura @lexi basically

#Government + #Malware.

After all, #Windows includes not just the #_NSAKEY and #GoldenKeyBoot #backdoors but #Microsoft is a #PRISM collaborator and falls under #CloudAct, thus is not more trustworthy than [insert random tech company from "P.R." China here]...

@hon1nbo @foone yeah, but all these things would essentially necessitate a fundamentally incompatible #Fork of the #USB standard, creating #costs, #fragmentation and lessening the likelihood of success.

  • Not to mention it'll require significant investments in #UserAwareness, #Training and would still have some issues...

I guess a sort-of "Secure HID Port" that mandates proper authentication and does full #E2EE from the Keyboard Matrix / Pointing Device controller up is an option, but you'd have to expect state-sponsored attackers willing to do "Kamikaze" Hacks...

#TLDW: It requires custom silicon and a hard root of trust

https://infosec.space/@kkarhan/113716442182953660

How a Mini drill tool defeated security on the Xbox 360 | MVG

@puppygirlhornypost2 @navi And whilst it's easy to blame #GoldenKeyBoot, a leaked #PrivateKey that was impossible to be removed, the problem is that #Windows is architecturally "insecure-able" because any changes necessary to make this not a problem would inherently mean the end for Windows as it's known to most.

  • In fact, everything is done better by #Linux on the #Desktop for almost two decades, which is why classic #Malware isn't a thing on Linux systems.

Sure, you get some #Cryptojacking and some #CMS|es like #WordPress that are constantly being attacked but generally, the way #updates and #distribution of #Software works on Linux Distros for the most part is completely antithetical to Windows.

And anything #Microsoft could do at this point if they weren't horny for money but actually cared is to scrap Windows and instead invest into #Wine to ease the transition...