oh lovely, so there's a new evil maid attack vector in 'yellowkey'?
well. that's decidedly unpleasant for y'all windows folks.
@munin to my understanding, the backdoor cannot work if you have a password on bitlocker itself (most people don’t, but if evil maids are a nonhypothetical concern for you, you really should)
@0xabad1dea @munin yeah and it really doesn't look like a backdoor. it's just a bad design.
@Rairii found a second one too, but for leaking files into memory.
@gsuberland @munin @Rairii the fundamental problem here with judging if it's malicious is that if you *wanted* to design a highly deniable backdoor that would nonetheless work on 98% of installations, this would be a really good way to do it 😩
@0xabad1dea@infosec.exchange @gsuberland@chaos.social @munin@infosec.exchange @Rairii@labyrinth.zone "They tried to bribe me to add a backdoor, but joke's on them - it's already rushed and full of bugs."
@Rairii@labyrinth.zone @0xabad1dea@infosec.exchange @gsuberland@chaos.social @munin@infosec.exchange My comment was mostly a joke, but if you want to take it more seriously I don't see an unintended interaction between a boot time feature and your own OS's disk encryption as distinct from it seeming rushed. That's exactly the type of interaction you should be spending the time to think about when delivering this type of feature. Of course, sometimes something slips through even if you have put all the time and effort in but... it's not inspiring from the outside.