Mon 7 Dec 2009
BitLocker cracked? Office 2010 discount – Black screen of death – MinWin – Exchange 2007 on Windows Server 2008 R2 – and more
By Michael Pietroforte
- Attack on Windows BitLocker
It appears BitLocker is not that much better than TrueCrypt as I’ve claimed before.

- Microsoft begins presales of Office 2010 (20% discount)

- Microsoft denies blame for ‘black screens of death’

- Office 2010 Tool: Office Environment Assessment Tool

- Office 2010 Tool: Compatibility Inspector

- Mark Russinovich on MinWin, the new core of Windows
Best article about MinWin I’ve read so far.

- Microsoft: No Exchange 2007 on Windows Server 2008 R2 until SP3

- Get Free Windows Server 2008 R2 Training

- Why Hyper-V cannot boot off of SCSI disks (and why you should not care)

- Microsoft wants your Windows 7 tips & tricks

- Windows Server 2008 R2 Feature Components poster

- Windows Server 2008 R2 BranchCache Design Guide (29 pages)

- Microsoft Changes Browser Ballot Screen As EU Deal Nears

- Windows 7 and Windows Server 2008 R2 DirectAccess IT Infrastructure Compatibility

- Microsoft releases next two pieces of Forefront security suite (TMG 2010, UAG 2010)

- Windows 2000 Server, Windows 2000 Client and Windows XP SP2 Support Ends July 2010

- Cardiff University researchers found that pop-ups impact efficiency
How much economic damage was caused by UAC already?








This sounds like a somewhat similar method as used to gain access to the TrueCrypt encrypted volumes – similar in the sense that physical access is what allows these attacks to be carried out.
We’ve already had discussion on physical access before in the thread about TrueCrypt. (http://4sysops.com/archives/truecrypt-hard-disk-encryption-cracked-nero-disc-burning-free-windows-7-adoption-windows-7-activation-cracked/) I know that we disagree on the subject of physical access compromising any security (including full disk encryption), but I do feel (as with TrueCrypt) that this also would not be considered as ‘cracking’ BitLocker. This is merely another form of social engineering to get the user to enter their legitimate PIN so as to use it for malicious purposes.
I think social engineering always involves communication between the attacker and the victim which is not the case here. Microsoft meanwhile acknowledged this attack. Even though they say it is unlikely, I believe that they will find a way to fix this security hole.