
Researchers break into BitLocker

Matthew Broersma | December 7, 2009 9:16 AM PST

Summary

Researchers published a technique for getting around Microsoft's BitLocker disk-encryption technology, even when BitLocker is used in connection with a hardware-based Trusted Platform Module.

The security test lab of Fraunhofer SIT has published a technique for getting around Microsoft's BitLocker disk-encryption technology, even when BitLocker is used in connection with a hardware-based Trusted Platform Module.

The attack is intended to counter the widely held belief that a Trusted Platform Module (TPM) device is a foolproof way of protecting sensitive data, Fraunhofer SIT researchers said on Thursday.

"Our attack demonstration does not imply a bug in BitLocker, nor does it render Trusted Computing useless," said Fraunhofer SIT researchers Jan Steffan and Jan Trukenmüller in a statement. "BitLocker still works as well as other disk-encryption products, it only fails to fulfil an unrealistic yet common expectation."

BitLocker Drive Encryption, found in Vista, Windows 7 and Server 2008 versions of Microsoft Windows, is designed to prevent a thief from viewing protected files by tampering with a lost or stolen PC. If there is a TPM on the computer, this can be used in the encryption and decryption process for extra protection.

Microsoft told ZDNet UK it was aware of the attack, but could not immediately comment.

For more on this story, including how the researchers did it, read "Researchers break into BitLocker" on ZDNet UK.

11
Comments

Nothing is 100% secure....
Socratesfoot Updated - 7th Dec 2009
For a system like Windows, this is a way of offering a similar level of security to that of Mac or Linux in spite of the limitations of the OS. Something which will hopefully win back some of their Server OS sales and provide a selling point for their laptops. Because people will generally want to use it when they can, it doesn't have to be 100%...just good enough to drive sales.

The only questions are: does it offer security at least comparable to what is currently offered by other platforms? To which the answer is, probably, yes. And would you quit Windows to get better security if you had to? ...To which the answer is, no.

If that is enough to make the sale, then it is good enough.
0 Votes
RE: Researchers break into BitLocker
gertruded 7th Dec 2009
This is a Microsoft product, what did you expect?
0 Votes
This is a gertruded post
John Zern 7th Dec 2009
what did we expect?
0 Votes
Not much, sometimes nothing at all
Loverock Davidson 7th Dec 2009
The sad part is that he didn't even read the article.
0 Votes
It's the truth
Wintel BSOD 9th Dec 2009
Something M$ seems to have a problem with.
0 Votes
This attack involves installing malicious boot code to
snoop on the BitLocker password while faking a boot.
The attack will not be successful unless all of the
following holds true:

1) The attacker must gain physical access to the
machine without leaving traces which could make the
rightful user suspicious

2) The machine must allow boot from an alternate
device

3) The rightful user must then use the compromised
machine and enter the bitlocker password (which is
then recorded in a private section of the disk)

4) The attacker must then AGAIN gain access to the
machine. Now it can be stolen and the password (and
thus the data) can be retrieved.
0 Votes
All good points
cornpie 7th Dec 2009
And all lead to the conclusion that if my laptop is lost or stolen it is still well protected since #2 is disabled and if I ever get it back (unlikely as it will have been sold for crack money) the bad guys are not going to get a chance at #3 and #4 because it's going to be wiped and re-imaged before it ever sees our network again.

So it still seems like a reasonable level of protection to me. As long as the bad guys can't socially engineer my password, I should be fine.
0 Votes
The same argument for Linux & Apple
Wintel BSOD 9th Dec 2009
As long as the bad guys can't socially engineer my password, I should be fine.

That specific point which you Wintel fanbois continue to gloss over.
0 Votes

That specific point which you Wintel fanbois continue to gloss over.


While you Linux and crapple fanboys are also vulnerable to the exact same problem and gloss it over? You think this can't happen to you? Apple's keyboards have had a keylogger injected into them, Linux has the same flaws as far as social engineering. It's not OS specific, dumbass.
0 Votes
Touchy aren't we?
richardw66 9th Dec 2009
While you linux and crapple fanboys are also vulnerable to the exact
same problem and gloss it over?


The previous post said that Apple and Linux were in the same
position, and you accuse them of glossing over the sameness and then
resort to name calling and abuse.

What you missed was just the inconspicuous subject line: The same
argument for Linux & Apple


Are you that desperate? Or can you not read the large print once the
term Fanboy is mentioned about you? You thought that word was the
killer word to put down Mac users and now you're upset that it is used
on you?

It's not OS specific, dumbass. Is what the previous poster was
saying - but he didn't use the word dumbass like you did.

As far as I am aware the truth is that Apple's keyboards could
have a key logger injected, but show me where there are reports of
this actually happening in the wild.

I could go on forever about possible ways to steal data from any OS -
ultimately it's not what can be done theoretically, but what is
practically done.

Theoretically someone could be about to break down your door right
now. You got a secure steel door? They've theoretically got a shape
charge. (Yep there are people trained to get into houses this way)

If my house can be robbed but isn't I'm secure. I'm certainly not going
to install roller shutters and screens on all the windows and cameras
on doors, just so I can get killed in my home like a previous
neighbour of mine did.

I will put in place what will actually stop the likely methods of break-
in though.

Social engineering has been breaking security since society began and
of course it's OS independent. It also allows people to steal your car,
rob you in your home etc. To link this to an Apple/Linux/Windows war
is really pretty lame even though I see it so much on the blogs.
0 Votes
Poor baby
Wintel BSOD Updated - 10th Dec 2009
Hi dickweed. Had a bad 1st Tuesday of the month? Well I don't blame ya, what with Wintel damage control workin' overtime dealing with drive-by downloads and all that.

http://blogs.zdnet.com/security/?p=5096&tag=nl.e539

ConfickerII, anyone?

lol... grin
