Focus on Microsoft
RE: Bitlocker without PIN Feb 24 2011 09:34AM
Per Thorsheim (putilutt online no) (2 replies)
Re: Bitlocker without PIN Feb 25 2011 10:54AM
Ansgar Wiechers (bugtraq planetcobalt net)
On 2011-02-24 Per Thorsheim wrote:
> "Transparent" Bitlocker with TPM and direct boot to Windows Logon is not
> a good idea in terms of security.
>
> At the Passwords^10 conference in Dec 2010, Passware revealed their
> newest version of their forensic toolkit. You probably want to see that:
> ftp://ftp.ii.uib.no/pub/passwords10/
>
> Using Passware Forensic Toolkit you can extract the bitlocker key using
> live memory dumping through Firewire (either by using an existing
> Firewire port, or by inserting a pcmcia/expresscard firewire card). No
> need to logon to Windows there...
>
> Depending on your configuration, the hibernation file may be
> unencrypted. This can then be extracted from the disk and analyzed to
> get the bitlocker decryption key as well.
>
> Lessons learned:
> 1. Superglue for your Firewire and pcmcia/expresscard ports
> 2. Do not allow hibernation mode OR encrypt the hibernation file as well
> 3. Always use Pre-Boot Authentication (PBA) in some form (pin, password,
> smartcard..)

4. http://www.securityresearch.at/publications/windows_firewire_blocker.pdf

It should be able to mitigate the risks you outlined above.

Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq
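
The three lessons quoted above can be audited on a single machine. The following PowerShell is an added example, not part of the thread or of any tool it mentions. It assumes an elevated session on Windows 8 / Server 2012 or later, where the BitLocker PowerShell module exists (the thread predates it).

```powershell
#Requires -RunAsAdministrator
# Added example: local audit against the thread's three lessons.
$findings = @()
$drive = $env:SystemDrive
$vol   = Get-BitLockerVolume -MountPoint $drive
$types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
$protected = "$($vol.ProtectionStatus)" -eq 'On'

# Lesson 3: a bare 'Tpm' protector is "transparent" mode, booting to the
# logon screen with no PIN or startup key. Recovery protectors do not change that.
if (-not $protected) {
    $findings += "$drive is not BitLocker-protected."
} elseif ($types -contains 'Tpm') {
    $findings += "$drive unlocks with TPM only (no pre-boot authentication)."
}

# Lesson 2: hiberfil.sys lives in the root of the system drive, so it is
# only encrypted when that volume is protected.
$power = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Power'
if ($power.HibernateEnabled -eq 1) {
    if (-not $protected) {
        $findings += "Hibernation is enabled and $drive is unencrypted."
    } elseif ($types -contains 'Tpm') {
        $findings += "Hibernation is enabled on a TPM-only volume."
    }
}

# Lesson 1: list the controllers the thread names as DMA entry points.
# Only controllers Windows currently enumerates are reported.
$dma  = @(Get-CimInstance -ClassName Win32_1394Controller -ErrorAction SilentlyContinue)
$dma += @(Get-CimInstance -ClassName Win32_PCMCIAController -ErrorAction SilentlyContinue)
foreach ($c in $dma) {
    $findings += "DMA-capable controller present: $($c.Name)"
}

if ($findings.Count -eq 0) {
    'No findings for the three lessons checked.'
} else {
    $findings
}
```

An empty slot that accepts a FireWire card is not enumerated until a card is inserted, so the controller check covers only ports that are already present.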
