Pretty much describes every erosion of Windows as an OS... a ring zero kernel with crap bolted on in awkward ways.
They finally learned their lesson on the security stuff, or so folks thought, and then it was found there was a massive on-purpose back door in Bitlocker...
Just curious where you got that from?
The Bitlocker thing? Articles on it weeks ago. All one has to do is boot into some maintenance thing and completely bypass it. MSFT said they couldn't patch it because it was designed to help manufacturers do something, I forget. Google around, you'll find it.
But beyond that, my airplane co-owner who runs a computer store had a laptop with Bitlocker and then a number of lost passwords that needed to have something retrieved off of it, including the BIOS security password.
The techs had figured out how to access the BIOS via JTAG on the motherboard (may have even had to solder leads to the pads, I don't know) and disable/rewrite that password in an hour, and as he put it, "Bitlocker was the easy part". The third lost password was the OS login password, and that presented no particular problem to the techs either.
He doesn't share his techs' tricks, both because it would hurt business and also because most folks believe the stuff is actually secure, so why worry them? Most don't even know what JTAG is.
I remember the Bitlocker bypass article because I sent it to some co-workers and we had a good chuckle because a couple of our customers think it's secure, and require it on mobile systems like laptops. They probably think it's secure because they tie it to the BIOS trusted computing stuff, but things like accessing the BIOS via JTAG aren't usually protected against.
If you have physical access and unlimited time with the hardware, there's always a way. But the BIOS stuff is, in the grand scheme of things, relatively easy if your techs know some electronics. Every board needs a way for the manufacturer to test it and program it during assembly.
Other attacks that have been really successful on both Windows and Mac take advantage of the I/O interfaces like USB having DMA built into the hardware. If the machine is booted and the desired information is in RAM, it's accessible. Even on machines with the USB ports disabled, there's usually a pin header or pads inside where USB is alive and well... maybe ten seconds of tack soldering required to get at it.
I would still call it secure. I agree if you have enough time, resources and knowledge anything can be broken, it's designed by a program and by definition can be broken into. Question is how many people can do it? It's like securing your house, you can put as many security systems and bolts on your door, no one is stopping anyone taking a chain saw and making a hole in the wall to get in, unless you live in a nuke proof bunker that is, and from what I have seen, our navy guys still busted something like that and busted someone's behind from there in Iraq.
Sent from my SM-G935V using Tapatalk
Anyone with Google and another laptop, which is exactly what Bitlocker is supposed to guard against -- someone stealing the device. For what it was created for, it blows chunks. Technicolor chunks.
I will have to respectfully disagree, with TPM, and if the boot drive is protected, there is no way a joe blow can crack it. Now if I have access to a datacenter, I can crack 2048 bit encryption as well, doesn't mean it's not secure.
I'll let the folks know who did it ... that they didn't do it. LOL.
I don't think you got the point. A firm got around Apple security in iPhone on a legal case, doesn't mean you and I can do it. A lot of hackers get around a lot of federal security sites, doesn't mean Bobby, my next door neighbor, is going to get it done.
Anyway, security is overrated, I will leave it at that. Every security can be broken, be it computer security, a bank vault, a VIP detail, or the door knob. Doesn't mean it's weak, it just means the right person is not aiming for it.
Peace
there must be a backdoor there
Lock engineers nemesis
Bitlocker is extremely weak sauce and is breakable by a teenager with a laptop because the morons at MSFT built a back door into it
Not disagreeing with you on the overall computer security thing, but I do disagree with the statement above. It's not as you describe. To prove it I am more than happy to send you a drive/USB in the mail, BitLocker encrypted; you take your time, open it and let me know the name of the file and the contents in it. And do it by whatever internet article claims it can be cracked by a teenager and has a step by step article for it. If you can, we will talk.
I will say this again, it's a software based encryption and with the right resources it can be cracked. The operative word being "right resources". There is a reason every enterprise out there destroys their hard drives physically, because if you don't and just wipe it with a secure wipe, even with DOD standards, that data can be recovered with the "right resources".
You missed completely how it was bypassed and can still be. The auth step prior to boot can be fooled into unlocking the drive. Nobody is silly enough to attack the encryption directly, that's like walking into a brick wall for anyone without GovBucks. You attack the back and side doors not the brick wall. Bitlocker on a typical laptop is toast. That's how the folks I know got past it.
GovBucks buys a LOT of custom parallel processing hardware on open, grey, and black budgets these days and has for a decade.
As far as encrypting things goes, lots of evidence of math being slid into algorithms by folks that isn't audited well. MSFT being one of the worst on that their code isn't even available to audit, let alone been audited by thousands and holes as broad as a barn door still being found in wrapper implementations around the encryption like OpenSSL's debacle a year or so ago.
This hole in Bitlocker auth existed from day one until 2015, as an example:
https://www.google.com/amp/www.comp...rivial-windows-authentication-bypass.amp.html
I didn't. BitLocker is a drive encryption tool. It protects against someone gaining access to your data when the laptop is stolen. The recommended steps to set up BitLocker are to set up a boot up TPM + PIN + USB and that cannot be cracked (just because Jonny doesn't want to go through the hassle of protecting his computer the right way, doesn't make the algorithm vulnerable). If the "Folks" you are referring to had admin access, there was no boot PIN and they just grabbed the decryption key from the memory, that's not cracking BitLocker, that's like grabbing my door lock key from under a stone and opening the door. Most people use hibernation / sleep - that's live as far as RAM is concerned, that's not the way you want to protect your computer if you are serious about it. The article you shared was long before boot PIN was introduced via TPM. In Vista days very few computers actually had TPM and the article is based on a computer that didn't have a pre-boot PIN, which is a recommended step.
So, yeah, any teenager with an internet connection cracking BitLocker .. not gonna happen. The sole purpose of BitLocker is encrypting the drive. Take me up on my offer, and send my USB to the "Folks" who claimed to crack BitLocker and have them do it in my lifetime.
I don't even know what we are arguing about anymore. My comment was on the fact that any teenager with a laptop and Google can crack BitLocker, no they can't. Just because one doesn't pay for a laptop with TPM, or doesn't use the recommended settings, doesn't make it MSFT's fault, or any software vendor's fault. It's a software, they will have glitches, a security researcher finding a flaw doesn't make it insecure for general public. If one doesn't want to follow the steps to do it right, I don't think complaining about it and blaming it on the software helps. But again, that may be just me.
And yes, I do work somewhere where we do it right and a part of my job is to ensure other companies do it right, some pay attention, some don't. Those who don't come back months/years later after learning the hard way and then do it right.
I cannot dual boot if the machine is protected with BitLocker the right way.
About 3 years before I retired from IBM, I wrote a bit of code that will let me hack any Windows 7 password (it also worked on XP and 98). I just dusted it off a week ago and used it to unlock a Windows 10 machine.
Apparently, Microsoft hasn't really improved their security, ever.
Hint: Boot from a Linux CD or USB key, so the WinWhatever is not running at all.
BTW: If you don't have bootable CDs with Bit Defender and AVG (you need to run both), your AntiVirus software (I don't care what version or how much you paid for it) isn't getting everything off your machine.
I check my remaining WinLoser machine once a week, and I run the best AntiVirus protection in the world (I should know, I was one of the original creators).
That's not BitLocker's fault, is it? It's the fault of the user who didn't bother to read instructions.
And you still missed the point that MSFT markets it as "security". Without digging into their best practices Docs, something a consumer will NEVER do, and reading about this stuff, they'll follow on-screen instructions.
Those instructions also DO NOT include any of this info that you or I know about how to implement Bitlocker and barely even mention it as you enable it.
The average user will turn it on, set a password only for authentication, and then leave their computer turned on in sleep mode, or let it go into hibernation mode in their laptop bag for the entire lifetime of the laptop and never know that Bitlocker literally isn't doing anything at all for them. Zero. Nothing. Nada.
But the screen instructions and all the public marketing will say it's "security".
And you still didn't answer the question. Is every single system and every single project and company you've ever worked at doing every single best security practice? Ever work at one that did or think you ever will? Ever work at any organization that didn't have at least one gaping security hole caused by an exec who didn't want to be bothered with something inconvenient?
Like I said, Fortune 100 financial company, one email, 70% of the staff sent passwords.
There's so few places that are actually even close to being secure about computing, it's laughable at how much money pours into that sector for so little gain.
We already know via credible sources that various insanely expensive and large IT segments attached to government TLAs have been successfully attacked. Some more than once. DOI had a great "run" for a couple of years there where they were completely shut down for days cleaning up malware and virii nearly every month.
If the average coder codes even two bugs for every bug they fix, and most researchers say that number is way too low, but we'll use it for the discussion, the number of bugs overall and security bugs as a ride-along, is a multiplier. Think compound interest. That's where the industry continues to go with a wall of excuses for it and very little thought going into how to reverse that ratio.
The 2015 Bitlocker vulnerability (long since patched) required that the target machine be logged into a domain when stolen. The attacker then needed to set up a fake duplicate domain controller configured in such a way that when the stolen computer tried to log in with the cached username, the hacker figured out a way to alter the client OS code in such a way that the fake domain controller would offer to reset the user's password.
That wasn't really a Bitlocker bug, it was a Windows authentication bug. And setting up that duplicate domain controller is not 'trivial'.
Computers not under domain control didn't have the problem. Computers with a boot time BitLocker PIN or password didn't have the problem.
In any case, this bug was fixed long ago.
https://technet.microsoft.com/library/security/MS15-122
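Much of this thread turns on how the OS volume is unlocked: by the TPM alone, or only after a pre-boot PIN or startup key. The audit below is an added example, not code posted by anyone in the thread; `Get-PreBootAuthFinding` is a hypothetical helper name, and the script assumes an elevated PowerShell session on a Windows edition that ships the BitLocker module.

```powershell
# Added example: report how the OS volume unlocks and whether Fast Startup is on.
# Get-PreBootAuthFinding is a hypothetical helper name; run from an elevated session.

function Get-PreBootAuthFinding {
    param([string[]]$ProtectorTypes)

    # Values are the KeyProtectorType names reported by Get-BitLockerVolume.
    if ($ProtectorTypes -contains 'TpmPin' -or $ProtectorTypes -contains 'TpmPinStartupKey') {
        return 'OK: pre-boot PIN required before the TPM releases the key'
    }
    if ($ProtectorTypes -contains 'TpmStartupKey') {
        return 'PARTIAL: startup key (USB) required, but no PIN'
    }
    if ($ProtectorTypes -contains 'Tpm') {
        return 'WEAK: TPM-only, volume unlocks at boot with no user input'
    }
    if ($ProtectorTypes -contains 'Password' -or $ProtectorTypes -contains 'ExternalKey') {
        return 'NO TPM: unlock depends on a password or external key alone'
    }
    return 'NONE: no unlock protector found (volume may be unencrypted)'
}

$vol   = Get-BitLockerVolume -MountPoint $env:SystemDrive
$types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

# Fast Startup (raised later in the thread) shuts down via a kernel
# hibernation image; HiberbootEnabled = 1 means it is enabled.
$power = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Power' `
                          -Name HiberbootEnabled -ErrorAction SilentlyContinue

[pscustomobject]@{
    MountPoint       = $vol.MountPoint
    VolumeStatus     = $vol.VolumeStatus
    ProtectionStatus = $vol.ProtectionStatus
    Protectors       = $types -join ', '
    PreBootAuth      = Get-PreBootAuthFinding -ProtectorTypes $types
    FastStartup      = if ($power.HiberbootEnabled -eq 1) { 'Enabled' } else { 'Disabled or not set' }
}
```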
I don't think you are getting the point. The point is if you set up BitLocker right, average Joe and super Joe cannot crack it, that includes the people you mentioned who claim to crack it. Ask them what the situation was: did they have admin access? Boot PIN? Was the laptop sleeping? Hibernating? If any of the answers to the questions above is yes, then no, sorry to break the bubble, they didn't crack anything, they recovered the decryption key from memory. It's not rocket science. And if they claim to bypass the boot PIN using JTAG, and the PC was not sleeping and they didn't have access to the decryption key in the memory, well then they are just bragging about something that's not possible. Because if the drive was cold and the PC was shut down the only way to bypass BitLocker is via brute force, and good luck with that.
That IS trivial. Setting up a DC is "start up the VM I published and change the domain name" level of easy, these days. (And no, the kids doing it don't care in the slightest they don't have a legitimate copy of Windows Server inside their VMs they pass around.) Five minutes of work, tops.
I don't think you guys realize how the newbies work on these things. Nobody is walking across the room to the big tower with a stack of floppy disks to install Windows NT 3.5.1 these days.
Spinning up any OS to mess with it on a virtualization platform and network is maybe Jr High level work in this field today. Anybody loading OSs by hand is truly doing dinosaur age work at this point. Entire racks of hardware have been being loaded with automation for over a decade, and doing it on the desktop is kiddie stuff these days.
The fact that people don't bother to read instructions doesn't mean it's the software's fault.
As far as the sleep/hibernate thing - haven't seen a laptop anyone uses daily get shut all the way down in a decade either ... or anyone force disabling hibernation mode on laptops.
Between Windows 10 Fast Startup mode and Intel's Management Engine Interface, does powering off really make much difference any more?
Do you have a link to the back door in Bitlocker?
I know of a well published back door from last year, but that had to do with UEFI Secure Boot - but that's different from Bitlocker.
Haven't seen any lappies at the price points we are buying at, show up with MEI in them yet, though.
I thought ME was a non-optional hardware component in all chipsets Haswell and newer.
Love it!