Mobile security firm says it defeated Strava’s privacy feature with simple geometry
Full coverage |
Full coverage |
Companies relying on Microsoft BitLocker to encrypt the drives of their employees’ computers should install the latest Windows patches immediately. A researcher disclosed a trivial Windows authentication bypass, fixed earlier this week, that puts data on BitLocker-encrypted drives at risk.
Ian Haken, a researcher with software security testing firm Synopsys, demonstrated the attack Friday at the Black Hat Europe security conference in Amsterdam. The issue affects Windows computers that are part of a domain, a common configuration on enterprise networks.
When domain-based authentication is used on Windows, the user’s password is checked against a computer that serves as domain controller. However, in situations when, for example, a laptop is taken outside of the network and the domain controller cannot be reached, authentication relies on a local credentials cache on the machine.
To read this article in full or to leave a comment, please click here
There’s a lot of hype around the news that a computer has passed the “Turing Test” at last. But what is a Turing Test, and what does it teach us? Paul Ducklin digs into the story behind the story…
Naked Security – Sophos