Submitted via IRC for Bytram
BitLocker on self-encrypted SSDs blown; Microsoft advises you switch to software protection
Yesterday, Microsoft released ADV180028, Guidance for configuring BitLocker to enforce software encryption, in response to a clever crack published on Monday by Carlo Meijer and Bernard van Gastel at Radboud University in the Netherlands (PDF).
[...] The security researchers explain that they were able to modify the firmware of the drives in a required way, because they could use a debugging interface to bypass the password validation routine in SSD drives. It does require physical access to an (internal or external) SSD. But the researchers were able to decrypt hardware-encrypted data without a password. The researchers write that they will not release any details in the form of a proof of concept (PoC) for exploit.
Microsoft's BitLocker feature encrypts all the data on a drive. When you run BitLocker on a Win10 system with a solid state drive that has built-in hardware encryption, BitLocker relies on the self-encrypting drive's own capabilities. If the drive doesn't have hardware self-encryption (or you're using Win7 or 8.1), BitLocker implements software encryption, which is less efficient, but still enforces password protection.
[...] The hardware-based self-encryption flaw seems to be present on most, if not all, self-encrypting drives.
(Score: 1, Disagree) by shrewdsheep on Thursday November 08 2018, @09:07AM (3 children)
Be it RAID, encryption, rootkits (aka management engines, virtualization) and more, always use software, not hardware. Software can be verified, data formats can be reverse engineered or are documented. Not so much with hardware solutions.
(Score: 5, Informative) by canopic jug on Thursday November 08 2018, @09:43AM (2 children)
The actual press release from Radboud University, the Netherlands [www.ru.nl] and the preliminary report [www.ru.nl] (warning for PDF) both, though mostly the latter, point the public to Free and Open Source Software:
Further down there is a call for the manufacturers to publish their code for review.
Closed source, proprietary software kills. Maybe in this case it affects only your wallet, but the potential for worse is there.
Money is not free speech. Elections should not be auctions.