Encryption backdoors don’t work; the latest proof of that was discovered by security researchers Slipstream and MY123. This time, the security flub-up involves “golden keys” that can unlock Windows devices allegedly protected by Secure Boot.

The researchers sounded the alarm, saying Microsoft messed up and accidentally leaked the security key that is supposed to protect Windows devices from attackers as a box boots up. This same flaw could be used by the machine’s owner to jailbreak a locked box and run a different OS like Linux—anything really, so long as it is cryptographically signed.

Microsoft said Secure Boot, which is a feature of Unified Extensible Firmware Interface (UEFI) firmware, “ensures that each component loaded during the boot process is digitally signed and validated. Secure boot makes sure that your PC boots using only software that is trusted by the PC manufacturer or the user.”

Secure Boot is also supposed to ensure that Windows Phone or Windows RT device owners cannot disable it and install something like Android.

To wrap your head around the problem exposed by the researchers, you need to grasp Secure Boot policies. (If you prefer, you could try reading a less spastic and quieter version of the researchers’ report via the source code.)

The researchers explained policies, as well as how Microsoft has tried to patch its “screw-ups” multiple times. The researchers did disclose the issue to Microsoft. Microsoft released MS16-094 in July, but it didn’t completely fix the problem. In fact, the researchers said it didn’t do “anything useful.”

Microsoft tried again in August. Yesterday’s Patch Tuesday included the “important” rated security feature bypass patch MS16-100. You can be sure Microsoft’s notes on the patch don’t include any mention of the fix stopping people from unlocking their Secure Boot devices: Attackers, yes, they are mentioned. Owners jumping Microsoft’s ship in favor of a Linux train? Not so much.

Well, now the key-disabling script is floating in the cyber ether. It would allow anyone with physical access to a Windows device, or admin rights, to bypass Secure Boot. The disabling feature was meant to be used by developers. The researchers exploited this design flaw. They doubt Microsoft can ever fully revoke the leaked keys.

Slipstream wrote, “It'd be impossible in practice for MS to revoke every bootmgr earlier than a certain point, as they'd break install media, recovery partitions, backups, etc.”

The duo said this is just another example showing that encryption backdoors don’t work. Their write-up also included a message for the FBI:

About the FBI: are you reading this? If you are, then this is a perfect real world example about why your idea of backdooring cryptosystems with a "secure golden key" is very bad! Smarter people than me have been telling this to you for so long, it seems you have your fingers in your ears. You seriously don't understand still? Microsoft implemented a "secure golden key" system. And the golden keys got released from MS own stupidity. Now, what happens if you tell everyone to make a "secure golden key" system? Hopefully you can add 2+2...

Are you a Windows Phone user upset about the lack of app choices such as the Pokemon Go app for Windows? Sure, there was a go-around until the latest update. If you’ve had it with your Windows Phone, the truth is out there—the files aren’t hard to find if you want to switch to a different OS.

Otherwise, if you just want the flipping problem fixed so attackers can’t exploit it, you might not want to hold your breath for that one. Again, the researchers don’t think Microsoft can fully fix it.