Tag Archive for: BitLocker

BitLocker encryption can be defeated with trivial Windows authentication bypass

Companies relying on Microsoft BitLocker to encrypt the drives of their employees’ computers should install the latest Windows patches immediately. A researcher disclosed a trivial Windows authentication bypass, fixed earlier this week, that puts data on BitLocker-encrypted drives at risk.

Ian Haken, a researcher with software security testing firm Synopsys, demonstrated the attack Friday at the Black Hat Europe security conference in Amsterdam. The issue affects Windows computers that are part of a domain, a common configuration on enterprise networks.

When domain-based authentication is used on Windows, the user’s password is checked against a computer that serves as domain controller. However, in situations when, for example, a laptop is taken outside of the network and the domain controller cannot be reached, authentication relies on a local credentials cache on the machine.

To read this article in full or to leave a comment, please click here

Network World Security

Encryption canary or insecure app? TrueCrypt warning says use Microsoft’s BitLocker

If you attempt to visit truecrypt.org, you will be redirected to truecrypt.sourceforge.net and see, “WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues.”
Ms. Smith’s blog