Focus on Microsoft
> "Transparent" Bitlocker with TPM and direct boot to Windows Logon is not
> a good idea in terms of security.
>
> At the Passwords^10 conference in Dec 2010, Passware revealed their
> newest version of their forensic toolkit. You probably want to see that:
> ftp://ftp.ii.uib.no/pub/passwords10/
>
> Using Passware Forensic Toolkit you can extract the bitlocker key using
> live memory dumping through Firewire (either by using an existing
> Firewire port, or by inserting a pcmcia/expresscard firewire card). No
> need to logon to Windows there...
>
> Depending on your configuration, the hibernation file may be
> unencrypted. This can then be extracted from the disk and analyzed to
> get the bitlocker decryption key as well.
>
> Lessons learned:
> 1. Superglue for your Firewire and pcmcia/expresscard ports
> 2. Do not allow hibernation mode OR encrypt the hibernation file as well
> 3. Always use Pre-Boot Authentication (PBA) in some form (pin, password,
> smartcard..)
4. http://www.securityresearch.at/publications/windows_firewire_blocker.pdf
It should be able to mitigate the risks you outlined above.
Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq
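
A local audit of the three "lessons learned" quoted in the message above, as an added example that is not part of the original thread. It assumes an elevated prompt and a Windows version that ships the BitLocker PowerShell module (`Get-BitLockerVolume`); the variable names are illustrative.

```powershell
# Added example: report where this machine deviates from the quoted lessons.
$findings = @()

# Lesson 3: a plain 'Tpm' protector means the OS volume unlocks with no
# pre-boot authentication, so the key is in RAM before anyone logs on.
$osVolumes = Get-BitLockerVolume | Where-Object { $_.VolumeType -eq 'OperatingSystem' }
foreach ($vol in $osVolumes) {
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
    if ($vol.ProtectionStatus -ne 'On') {
        $findings += "$($vol.MountPoint) BitLocker protection is not on"
    }
    elseif ($types -contains 'Tpm') {
        $findings += "$($vol.MountPoint) has a TPM-only protector (no PIN or startup key)"
    }
}

# Lesson 2: hibernation writes memory contents to hiberfil.sys.
$power = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Power' `
                          -ErrorAction SilentlyContinue
if ($power.HibernateEnabled -eq 1) {
    $findings += 'Hibernation is enabled'
}

# Lesson 1: FireWire controllers and card slots that could accept one
# give DMA access to memory.
$dmaPorts = @()
$dmaPorts += @(Get-CimInstance -ClassName Win32_1394Controller -ErrorAction SilentlyContinue)
$dmaPorts += @(Get-CimInstance -ClassName Win32_PCMCIAController -ErrorAction SilentlyContinue)
foreach ($port in $dmaPorts) {
    $findings += "DMA-capable controller present: $($port.Name)"
}

if ($findings.Count -eq 0) {
    'No deviations from the three lessons found.'
}
else {
    $findings
}
```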