Microsoft 'Encryption' and Intel 'Security'

  • You Can’t Trust BitLocker to Encrypt Your SSD on Windows 10 [Ed: Actually, it has long been known that Microsoft's BitLocker has NSA back doors. Even Microsoft staff spoke about it. It's for fools.]

    Some SSDs advertise support for “hardware encryption.” If you enable BitLocker on Windows, Microsoft trusts your SSD and doesn’t do anything. But researchers have found that many SSDs are doing a terrible job, which means BitLocker isn’t providing secure encryption.

  • Flaws in self-encrypting SSDs let attackers bypass disk encryption

    Researchers at Radboud University in the Netherlands have revealed today vulnerabilities in some solid-state drives (SSDs) that allow an attacker to bypass the disk encryption feature and access the local data without knowing the user-chosen disk encryption password.

    The vulnerabilities only affect SSD models that support hardware-based encryption, where the disk encryption operations are carried out via a local built-in chip, separate from the main CPU.

    Such devices are also known as self-encrypting drives (SEDs) and have become popular in recent years after software-level full disk encryption was proven vulnerable to attacks where intruders would steal the encryption password from the computer's RAM.

  • New Intel CPU Flaw Exploits Hyper-Threading to Steal Encrypted Data

    A team of security researchers has discovered another serious side-channel vulnerability in Intel CPUs that could allow an attacker to sniff out sensitive protected data, like passwords and cryptographic keys, from other processes running in the same CPU core with simultaneous multi-threading feature enabled.

    The vulnerability, codenamed PortSmash (CVE-2018-5407), has joined the list of other dangerous side-channel vulnerabilities discovered in the past year, including Meltdown and Spectre, TLBleed, and Foreshadow.

Windows BitLocker back doors (several of them) exacerbated

  • Flaw In SSDs Allows Hackers To Access Encrypted Data Without Password

    However, the issue runs deeper. Windows users are more risk-prone as the Windows BitLocker, a software-level full disk encryption system of Windows OS, does not encrypt the users’ data at the software level upon detecting a device capable of hardware-based encryption.

    The researchers have recommended the SED users to use software-level full disk encryption systems such as VeraCrypt to protect their data.

"Microsoft for defaulting to using these broken encryption"

  • Researchers expose 'critical vulnerabilities' in SSD encryption

    After considering a handful of possible flaws in hardware-based full-disk encryption, or self-encrypting drives (SEDs), the pair reverse-engineered the firmware of a sample of SSDs and tried to expose these vulnerabilities.

    They learned that hackers can launch a range of attacks, from seizing full control of the CPU to corrupting memory - outlining their findings in a paper titled 'self-encrypting deception: weakness in the encryption of solid state drives (SSDs)'.

    There are a host of exploits that can be used, such as cracking master passwords, set by the manufacturer as a factory default. These are routinely found in many SSDs, and if obtained by an attacker could allow them to bypass any custom password set by a user.

  • Crucial and Samsung SSDs' Encryption Is Easily Bypassed

    Researchers from Radboud University in The Netherlands reported today their discovery that hackers could easily bypass the encryption on Crucial and Samsung SSDs without the user’s passwords. The researchers also pointed at Microsoft for defaulting to using these broken encryption schemes on modern drives.

    The Dutch researchers reverse-engineered the firmware of multiple drives and found a “pattern of critical issues.” In one case, the drive’s master password used to decrypt data was just an empty string, which means someone would have been able to decrypt it by just pressing the Enter key on their keyboard. In another case, the researchers said the drive could be unlocked with “any password” because the drive’s password validation checks didn’t work.
