Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mastodon.social/@mrgrumpymonkey" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>mrgrumpymonkey</span></a></span> it is.</p><p>One can repartition Windows installations on the fly whilst running (and even then there are tools like <a href="https://infosec.space/tags/Wubi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Wubi</span></a> that made it easy to setup <a href="https://infosec.space/tags/dualboot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dualboot</span></a> <a href="https://infosec.space/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> & <a href="https://infosec.space/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Windows</span></a>.</p><ul><li>ISOLINUX does allow for <em>"load image into RAM and boot"</em> setups. I literally use that on <span class="h-card" translate="no"><a href="https://infosec.space/@OS1337" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>OS1337</span></a></span> because no system that can boot it will have > 16 MB RAM anyway ( 8 MB is the hard limit for bare linux kernel) so merely making Windows' bootloader to chainload <a href="https://infosec.space/tags/isolinux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>isolinux</span></a> to load that image in RAM and yeet it isn't out of the question.</li></ul><p>I just have neither a <a href="https://infosec.space/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Windows</span></a> machine nor time and spoons to make such a tool, much less to basically create even said <em><a href="https://infosec.space/tags/ProofOfConcept" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ProofOfConcept</span></a> "<a href="https://infosec.space/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malware</span></a>"</em>…</p><ul><li>But thanks to <a href="https://infosec.space/tags/GoldenKeyBoot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GoldenKeyBoot</span></a>, <a href="https://infosec.space/tags/CensorBoot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CensorBoot</span></a> is unfixably insecure!</li></ul>
Recent searches
No recent searches
Search options
Only available when logged in.
shakedown.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A community for live music fans with roots in the jam scene. Shakedown Social is run by a team of volunteers (led by @clifff and @sethadam1) and funded by donations.
Administered by:
Server stats:
250active users
shakedown.social: About · Status · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.3.7
#goldenkeyboot
0 posts · 0 participants · 0 posts today
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://hai.z0ne.social/@kura" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>kura</span></a></span> <span class="h-card" translate="no"><a href="https://catgirl.center/@lexi" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>lexi</span></a></span> basically</p><p><a href="https://infosec.space/tags/Government" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Government</span></a> + <a href="https://infosec.space/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malware</span></a>.</p><p>After all, <a href="https://infosec.space/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Windows</span></a> incudes not just the <a href="https://infosec.space/tags/_NSAKEY" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>_NSAKEY</span></a> and <a href="https://infosec.space/tags/GoldenKeyBoot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GoldenKeyBoot</span></a> <a href="https://infosec.space/tags/backdoors" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>backdoors</span></a> but <a href="https://infosec.space/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft</span></a> is a <a href="https://infosec.space/tags/PRISM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PRISM</span></a> collaborator and falls under <a href="https://infosec.space/tags/CloudAct" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudAct</span></a>, thus is not more trustworthy than [insert random tech company from <em>"P.R." China</em> here]...</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://social.hackingand.coffee/@hon1nbo" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>hon1nbo</span></a></span> <span class="h-card" translate="no"><a href="https://digipres.club/@foone" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>foone</span></a></span> yeah, but all these things would essentially necessitate <em>a fundamentally incompatible</em> <a href="https://infosec.space/tags/Fork" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fork</span></a> of the <a href="https://infosec.space/tags/USB" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>USB</span></a> standard, creating <a href="https://infosec.space/tags/costs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>costs</span></a>, <a href="https://infosec.space/tags/fragmentation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fragmentation</span></a> and lessen the likelyhood of success.</p><ul><li>Not to mention it'll require significant investments in <a href="https://infosec.space/tags/UserAwareness" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UserAwareness</span></a>, <a href="https://infosec.space/tags/Training" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Training</span></a> and would still have some issues...</li></ul><p>I gues a sort-of <em>"Secure HID Port"</em> that mandates proper authentification and does full <a href="https://infosec.space/tags/E2EE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>E2EE</span></a> from the Keyboard Matrix / Pointing Device controller up is an option, but you'd have to expect state-sponsored attackers willing to do <a href="https://www.youtube.com/watch?v=RyW0lXnoFOA" rel="nofollow noopener noreferrer" target="_blank"><em>"Kamikaze" Hacks</em></a>...</p><ul><li>There's like a <a href="https://www.youtube.com/watch?v=U7VwtOrwceo&t=4m5s" rel="nofollow noopener noreferrer" target="_blank">long talk</a> by <a href="https://infosec.space/tags/TonyChen" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TonyChen</span></a> from <a href="https://infosec.space/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft</span></a> explaining how they secured the <a href="https://infosec.space/tags/XboxOne" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>XboxOne</span></a>.</li></ul><p><a href="https://infosec.space/tags/TLDW" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TLDW</span></a>: <a href="https://www.youtube.com/watch?v=U7VwtOrwceo&t=11m2s" rel="nofollow noopener noreferrer" target="_blank">It requires custom silicon and a hard root of trust</a>…</p><ul><li>And as we saw with <a href="https://infosec.space/tags/GoldenKeyBoot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GoldenKeyBoot</span></a> all it takes is a single <a href="https://infosec.space/tags/leak" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>leak</span></a> of a <a href="https://infosec.space/tags/PrivateKey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PrivateKey</span></a> and that entire system is fucked!</li></ul><p><a href="https://infosec.space/@kkarhan/113716442182953660" translate="no" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.space/@kkarhan/1137164</span><span class="invisible">42182953660</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://transfem.social/@puppygirlhornypost2" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>puppygirlhornypost2</span></a></span> <span class="h-card" translate="no"><a href="https://social.vlhl.dev/users/navi" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>navi</span></a></span> And whilst it's easy to blame <a href="https://infosec.space/tags/GoldenKeyBoot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GoldenKeyBoot</span></a>, a leaked <a href="https://infosec.space/tags/PrivateKey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PrivateKey</span></a> that was impossible to be removed, the problem is that <a href="https://infosec.space/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Windows</span></a> is architecturally <em>"insecure-able"</em> because any changes necessary to make this not a problem would inherently mean the end for Windows as it's known to most.</p><ul><li>In fact, <em>everything</em> is done <em>better</em> by <a href="https://infosec.space/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> on the <a href="https://infosec.space/tags/Desktop" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Desktop</span></a> for almost two decades, which is why classic <a href="https://infosec.space/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malware</span></a> isn't a thing on Linux systems.</li></ul><p>Shure, you get some <a href="https://infosec.space/tags/Cryptojacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cryptojacking</span></a> and some <a href="https://infosec.space/tags/CMS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CMS</span></a>|es like <a href="https://infosec.space/tags/WordPress" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WordPress</span></a> that are constantly being attacked but generally, the way <a href="https://infosec.space/tags/updates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>updates</span></a> and <a href="https://infosec.space/tags/distribution" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>distribution</span></a> of <a href="https://infosec.space/tags/Software" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Software</span></a> works on Linux Distros for the most part is completely antithetical to Windows.</p><ul><li>And that's how we got <a href="https://www.stickycomics.com/computer-update/" rel="nofollow noopener noreferrer" target="_blank">this realistic scenario</a></li></ul><p>And anything <a href="https://infosec.space/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft</span></a> could do at this point if they weren't <em>horny for money</em> but avtually cared is to <em>scrap Windows</em> and instead invest into <a href="https://infosec.space/tags/Wine" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Wine</span></a> to ease the transition...</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://eightpoint.app/@JenWithGravy" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>JenWithGravy</span></a></span> <a href="https://infosec.space/tags/CensorBoot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CensorBoot</span></a> was already irrevocably fucked when <a href="https://infosec.space/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft</span></a> lost the <a href="https://infosec.space/tags/PrivateKeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PrivateKeys</span></a> for that.</p><ul><li><a href="https://infosec.space/tags/GoldenKeyBoot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GoldenKeyBoot</span></a> basically means all <em>"<a href="https://infosec.space/tags/SecureBoot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecureBoot</span></a>"</em> is unfixably insecure!</li></ul><p>And Microsoft admitted to that <a href="https://infosec.space/tags/insecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>insecurity</span></a> with the <a href="https://infosec.space/tags/XboxOne" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>XboxOne</span></a>'s design in their own words!<br><a href="https://youtu.be/U7VwtOrwceo&t=663" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">youtu.be/U7VwtOrwceo&t=663</span><span class="invisible"></span></a></p><p><a href="https://infosec.space/tags/TLDW" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TLDW</span></a>: Don't trust any <a href="https://infosec.space/tags/blackbox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>blackbox</span></a> to do what it claims to do!</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://awscommunity.social/@Quinnypig" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>Quinnypig</span></a></span> the sheer fact that <a href="https://infosec.space/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft</span></a> and <a href="https://infosec.space/tags/Windows11" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Windows11</span></a> ain't banned across the <a href="https://infosec.space/tags/EU" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EU</span></a> to this day is an indictment to the <a href="https://infosec.space/tags/TechIlliteracy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechIlliteracy</span></a> of politicans in the <span class="h-card" translate="no"><a href="https://ec.social-network.europa.eu/@EUCommission" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>EUCommission</span></a></span> & <span class="h-card" translate="no"><a href="https://respublicae.eu/@europarl_en" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>europarl_en</span></a></span> despite</p><ul><li><a href="https://infosec.space/tags/PRISM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PRISM</span></a></li><li><a href="https://infosec.space/tags/GoldenKeyBoot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GoldenKeyBoot</span></a> (aka. <a href="https://infosec.space/tags/CensorBoot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CensorBoot</span></a> got owned!)</li><li><a href="https://infosec.space/tags/CryptoAPI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CryptoAPI</span></a> <a href="https://infosec.space/tags/backdoors" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>backdoors</span></a> <a href="https://github.com/kkarhan/windows-ca-backdoor-fix" rel="nofollow noopener noreferrer" target="_blank">they refuse to acknowledge or fix at all</a>!</li><li><a href="https://infosec.space/tags/CloudAct" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudAct</span></a></li><li>Unwillingness to comply with <a href="https://infosec.space/tags/GDPR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GDPR</span></a> out if the box</li></ul><p>and now</p><ul><li><a href="https://infosec.space/tags/Recall" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Recall</span></a> aka. the worst disguised <a href="https://infosec.space/tags/Govware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Govware</span></a> / <a href="https://infosec.space/tags/Spyware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Spyware</span></a> in existance that allows anyone to <a href="https://github.com/xaitax/TotalRecall" rel="nofollow noopener noreferrer" target="_blank">simply extract credentials</a> without the need to install a <a href="https://infosec.space/tags/Keylogger" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Keylogger</span></a>, <a href="https://infosec.space/tags/ScreenRecorder" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ScreenRecorder</span></a> and/or commit <a href="https://infosec.space/tags/ProvilegueEscalatiom" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ProvilegueEscalatiom</span></a> successfully <em>at all</em>...</li></ul><p>And since <span class="h-card" translate="no"><a href="https://cyberplace.social/@GossiTheDog" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>GossiTheDog</span></a></span> managed to get it running on a system w/o <em>"<a href="https://infosec.space/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AI</span></a>" acceleration</em> aka. <em>"<a href="https://infosec.space/tags/NPU" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NPU</span></a>"</em> it's safe to assume that it'll be perfectly possible to retroactively shove it down everyones' throats without recourse!</p><ul><li>Actually there are options for recourse besides <em>"<a href="https://infosec.space/tags/ThoughtsAndPrayers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThoughtsAndPrayers</span></a>"</em> that regulators like <span class="h-card" translate="no"><a href="https://social.bund.de/@bsi" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>bsi</span></a></span> would actually take this seriously: </li></ul><p>Like: <em>Stop using <a href="https://infosec.space/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Windows</span></a> and <a href="https://www.youtube.com/watch?v=PkKfV0ATrH4" rel="nofollow noopener noreferrer" target="_blank">get some help</a> migrating away from it to a good <a href="https://infosec.space/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> distro!</em></p><p><a href="https://infosec.space/tags/WhatYouAllowIsWhatWillContinue" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WhatYouAllowIsWhatWillContinue</span></a></p>
ExploreLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload