
Microsoft singlehandedly proves that golden backdoor keys are a terrible idea - ashitlerferad
http://www.theregister.co.uk/2016/08/10/microsoft_secure_boot_ms16_100/
======
ry_ry
I don't know much about bug bounties & responsible disclosure, it's not my
field, so bear with me here...

If they were paid a bounty, and the issue is being addressed albeit slowly,
isn't releasing a toolkit to exploit the backdoor prior to a working fix
likely to contravene the conditions of the bounty being paid?

Or is there a fixed timeframe MS had to fix the issue before the researchers
could go public?

------
matheweis
If I'm reading this correctly, Microsoft didn't actually leak the signing key
for secure boot, but rather introduced some new firmware that doesn't check
the signature under the right circumstances...

Very handy for those who want to install other operating systems, but quite
the same as leaking the actual keys.

------
brudgers
Main discussion:
https://news.ycombinator.com/item?id=12262564

