Language Selection

English French German Italian Portuguese Spanish

Microsoft 'Encryption' and Intel 'Security'

Filed under
Microsoft
Security
  • You Can’t Trust BitLocker to Encrypt Your SSD on Windows 10 [Ed: Actually, it has long been known that Microsoft's BitLocker has NSA back doors. Even Microsoft staff spoke about it. It's for fools.]

    Some SSDs advertise support for “hardware encryption.” If you enable BitLocker on Windows, Microsoft trusts your SSD and doesn’t do anything. But researchers have found that many SSDs are doing a terrible job, which means BitLocker isn’t providing secure encryption.

  • Flaws in self-encrypting SSDs let attackers bypass disk encryption

    Researchers at Radboud University in the Netherlands have revealed today vulnerabilities in some solid-state drives (SSDs) that allow an attacker to bypass the disk encryption feature and access the local data without knowing the user-chosen disk encryption password.

    The vulnerabilities only affect SSD models that support hardware-based encryption, where the disk encryption operations are carried out via a local built-in chip, separate from the main CPU.

    Such devices are also known as self-encrypting drives (SEDs) and have become popular in recent years after software-level full disk encryption was proven vulnerable to attacks where intruders would steal the encryption password from the computer's RAM.

  • New Intel CPU Flaw Exploits Hyper-Threading to Steal Encrypted Data

    A team of security researchers has discovered another serious side-channel vulnerability in Intel CPUs that could allow an attacker to sniff out sensitive protected data, like passwords and cryptographic keys, from other processes running in the same CPU core with simultaneous multi-threading feature enabled.

    The vulnerability, codenamed PortSmash (CVE-2018-5407), has joined the list of other dangerous side-channel vulnerabilities discovered in the past year, including Meltdown and Spectre, TLBleed, and Foreshadow.

Windows BitLocker back doors (several of them) exacerbated

  • Flaw In SSDs Allows Hackers To Access Encrypted Data Without Password

    However, the issue runs deeper. Windows users are more risk-prone as the Windows BitLocker, a software-level full disk encryption system of Windows OS does not encrypt the users’ data at the software level upon detecting a device capable of hardware-based encryption.

    The researchers have recommended the SED users to use software-level full disk encryption systems such as VeraCrypt to protect their data.

"Microsoft for defaulting to using these broken encryption"

  • Researchers expose 'critical vulnerabilities' in SSD encryption

    After considering a handful of possible flaws in hardware-based full-disk encryption, or self-encrypting drives (SEDs), the pair reverse-engineered the firmware of a sample of SSDs and tried to expose these vulnerabilities.

    They learned that hackers can launch a range of attacks, from seizing full control of the CPU to corrupting memory - outlining their findings in a paper titled 'self-encrypting deception: weakness in the encryption of solid state drives (SSDs)'.

    There are a host of exploits that can be used, such as cracking master passwords, set by the manufacturer as a factory default. These are routinely found in many SSDs, and if obtained by an attacker could allow them to bypass any custom password set by a user.

  • Crucial and Samsung SSDs' Encryption Is Easily Bypassed

    Researchers from Radboud University in The Netherlands reported today their discovery that hackers could easily bypass the encryption on Crucial and Samsung SSDs without the user’s passwords. The researchers also pointed at Microsoft for defaulting to using these broken encryption schemes on modern drives.

    The Dutch researchers reverse-engineered the firmware of multiple drives and found a “pattern of critical issues." In one case, the drive’s master password used to decrypt data was just an empty string, which means someone would have been able to decrypt it by just pressing the Enter key on their keyboard. In another case, the researchers said the drive could be unlocked with “any password” because the drive’s password validation checks didn’t work.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Microsoft Windows Server Benchmarked Against Six Linux Distributions

While it was not too long ago that Microsoft Windows Server 2019 began shipping and that we conducted some end-of-year benchmarks between Windows and Linux, with being in the process of running a number of Windows and Linux benchmarks as part of our ongoing 10GbE OS performance testing, I also took the opportunity to run some other benchmarks on Windows Server 2016 and 2019 as well as a set of Linux distributions. With carrying out the fresh OS installations anyways for the network testing, with recently having brought over some more Phoronix Test Suite test profiles with Windows support, I decided to run some fresh Windows Server vs. Linux benchmarks anyways. Granted, not all of the tests are server-oriented and not all of the traditional Linux server distributions were used. Just take this as you wish of some fresh Windows vs. Linux performance benchmarks. Read more

Games: Lutris, Little Mouse's Encyclopedia, Team Fortress 2 and More

Roundup of Wine 4.0 Release Coverage

  • Wine 4.0 Released
    The Wine team is proud to announce that the stable release Wine 4.0 is now available.
  • Wine 4.0 Officially Released with Vulkan & Direct3D 12 Support, HiDPI on Android
    The Wine project proudly announced today the general availability of the Wine 4.0 release, a major version of the open-source software that lets Linux and macOS users install and use Windows apps on their computers. Wine 4.0 comes about a year after the Wine 3.0 release, which was the first to introduce an Android driver to allow users run Windows apps and games on devices powered by Google's Android mobile OS, Direct3D 11 support by default for AMD Radeon and Intel GPUs, a task scheduler, as well as AES encryption support on macOS. With Wine 4.0, the team continues to improve the free and open-source compatibility layer that allows Windows program to run on Linux and Mac computers, adding new features like support for the next-generation Vulkan graphics API, Direct3D 12 support, HiDPI (High-DPI) support on Android, and support for game controllers.
  • Wine 4.0 Released With New Features: Run Windows Apps On Linux Efficiently
    With Microsoft’s initiative to bring Linux Bash Shell on Windows 10, the Windows users are now able to run their favorite Linux tools on their current operating system. But what if you need to run full-fledged Windows apps and games on a Linux distro? In that case, a software like Wine is really helpful. The developers of this utility have recently released the new version, i.e., 4.0, with lots of features. Wine 4.0 is the result of a year of development effort.
  • Wine 4.0 Released With Vulkan Support, Initial Direct3D 12 Support, CSMT Enabled By Default
    After being in development for a year, Wine 4.0 is now available for download. The new stable Wine release includes important changes like support for Vulkan, Direct3D 12 and game controllers. For those that might not be familiar with it, Wine is a Windows compatibility layer for Linux that lets you run Windows applications and games on Linux, macOS, and Android (experimental). Wine is used by Proton, Valve's Steam Play compatibility layer that allows playing Windows games on Linux, and by CrossOver, a commercial Microsoft Windows compatibility layer for macOS and Linux, among others.
  • Wine 4.0 is Here with Significant New Features
    Not everyone prefers to use Wine. But, if you have a favorite app/service that is not yet available for Linux, you can try Wine in order to run Windows apps or games. For those who are not aware of Wine, it’s a software that lets you run Windows-only applications and games on Linux. Want iTune on Linux, Wine is your best bet.
  • Wine 4.0 Released With Vulkan Support, Initial Direct3D 12 and Better HiDPI
  • Wine 4.0 Officially Released With Vulkan Support, Initial Direct3D 12 & Better HiDPI
    Wine 4.0 is now officially available as the new annual stable release to Wine for running Windows programs and games on Linux and other operating systems. Following seven weekly release candidates, Wine 4.0 was ready to ship today as judged by Wine founder Alexandre Julliard. Wine 4.0 is a big release bringing initial Vulkan graphics API support, Direct3D CSMT is enabled by default, early Direct3D 12 support via VKD3D, continued HiDPI work, various OpenGL improvements, multi-sample D3D texture support, 64-bit improvements, continued Android support, and much more... See our Wine 4.0 feature overview to learn more about this big update.
  • Just over a year after the last main release, Wine 4.0 is officially here
    You might want to grab a glass for this one, no not that dusty old thing, one of the nice ones. The ones at the back of the cupboard for special occasions! Wine 4.0 is officially here. Comparing Wine 3.0 to 4.0, naturally it's a pretty huge release. Although, most people have likely been using the development builds for some time.

today's howtos