Windows' Disk Encryption Could Be Easily Bypassed In 'Seconds'

H

HardOCP News

[H] News
Joined
Dec 31, 1969
Messages
0
The ability to bypass BitLocker in a matter of seconds? Yikes! It's a good thing Microsoft has already patched this flaw.

The feature, baked into Windows Vista and later, allows users to lock down their Windows PC with full-disk encryption, making it difficult or near-impossible for an attacker to gain access to data. Prior to BitLocker, an attacker could simply boot up a live Linux operating system and tap into a user's files stored on the hard drive. Now, thanks to the full-disk encryption feature, any potential attacker has to let the boot process run to prevent BitLocker's protections kicking in.
 
It was a pretty creative way of getting passed BitLocker. Good thing MS already fixed it.
 
Shmee said:
It was a pretty creative way of getting passed BitLocker. Good thing MS already fixed it.
Click to expand...

Actually......that seems like a pretty simple idea....sounds like something similar I would have done in a similar scenario.
 
natos said:
Actually......that seems like a pretty simple idea....sounds like something similar I would have done in a similar scenario.
Click to expand...
Just because it was simple doesn't mean it wasn't creative.
 
I'm no expert, but doesn't this put into question the entire encryption scheme? How well is the data actually encrypted if it can be so trivially accessed?
 
blazemonkey said:
I'm no expert, but doesn't this put into question the entire encryption scheme? How well is the data actually encrypted if it can be so trivially accessed?
Click to expand...

What does it have to do with the enrcryption, the flaw exploited the username/password policies instead of the encryption itself.
 
Seems like a good argument to let Microsoft install security updates on a regular basis! Wonder how many people who "hate" Microsoft updates won't have this patch installed and be vulnerable?
 
jardows said:
Seems like a good argument to let Microsoft install security updates on a regular basis! Wonder how many people who "hate" Microsoft updates won't have this patch installed and be vulnerable?
Click to expand...

Prolly not many will be impacted since a lot of people don't need to or bother with encrypting their hard drives. In the case of a company environment, it'll be mandated along with patches via something like SCCM or whatever. In a home environment, people usually don't use it and those that do have something to hide or are up to something with their computers so it's actually good if there are ways for law enforcement to access an encrypted Windows partition.
 
Windows encryption seemed like something that would always turn up buggered for one reason or another
 
You must log in or register to reply here.
Back
Top