Language Selection

English French German Italian Portuguese Spanish

Microsoft 'Encryption' and Intel 'Security'

Filed under
Microsoft
Security
  • You Can’t Trust BitLocker to Encrypt Your SSD on Windows 10 [Ed: Actually, it has long been known that Microsoft's BitLocker has NSA back doors. Even Microsoft staff spoke about it. It's for fools.]

    Some SSDs advertise support for “hardware encryption.” If you enable BitLocker on Windows, Microsoft trusts your SSD and doesn’t do anything. But researchers have found that many SSDs are doing a terrible job, which means BitLocker isn’t providing secure encryption.

  • Flaws in self-encrypting SSDs let attackers bypass disk encryption

    Researchers at Radboud University in the Netherlands have revealed today vulnerabilities in some solid-state drives (SSDs) that allow an attacker to bypass the disk encryption feature and access the local data without knowing the user-chosen disk encryption password.

    The vulnerabilities only affect SSD models that support hardware-based encryption, where the disk encryption operations are carried out via a local built-in chip, separate from the main CPU.

    Such devices are also known as self-encrypting drives (SEDs) and have become popular in recent years after software-level full disk encryption was proven vulnerable to attacks where intruders would steal the encryption password from the computer's RAM.

  • New Intel CPU Flaw Exploits Hyper-Threading to Steal Encrypted Data

    A team of security researchers has discovered another serious side-channel vulnerability in Intel CPUs that could allow an attacker to sniff out sensitive protected data, like passwords and cryptographic keys, from other processes running in the same CPU core with simultaneous multi-threading feature enabled.

    The vulnerability, codenamed PortSmash (CVE-2018-5407), has joined the list of other dangerous side-channel vulnerabilities discovered in the past year, including Meltdown and Spectre, TLBleed, and Foreshadow.

Windows BitLocker back doors (several of them) exacerbated

  • Flaw In SSDs Allows Hackers To Access Encrypted Data Without Password

    However, the issue runs deeper. Windows users are more risk-prone as the Windows BitLocker, a software-level full disk encryption system of Windows OS does not encrypt the users’ data at the software level upon detecting a device capable of hardware-based encryption.

    The researchers have recommended the SED users to use software-level full disk encryption systems such as VeraCrypt to protect their data.

"Microsoft for defaulting to using these broken encryption"

  • Researchers expose 'critical vulnerabilities' in SSD encryption

    After considering a handful of possible flaws in hardware-based full-disk encryption, or self-encrypting drives (SEDs), the pair reverse-engineered the firmware of a sample of SSDs and tried to expose these vulnerabilities.

    They learned that hackers can launch a range of attacks, from seizing full control of the CPU to corrupting memory - outlining their findings in a paper titled 'self-encrypting deception: weakness in the encryption of solid state drives (SSDs)'.

    There are a host of exploits that can be used, such as cracking master passwords, set by the manufacturer as a factory default. These are routinely found in many SSDs, and if obtained by an attacker could allow them to bypass any custom password set by a user.

  • Crucial and Samsung SSDs' Encryption Is Easily Bypassed

    Researchers from Radboud University in The Netherlands reported today their discovery that hackers could easily bypass the encryption on Crucial and Samsung SSDs without the user’s passwords. The researchers also pointed at Microsoft for defaulting to using these broken encryption schemes on modern drives.

    The Dutch researchers reverse-engineered the firmware of multiple drives and found a “pattern of critical issues." In one case, the drive’s master password used to decrypt data was just an empty string, which means someone would have been able to decrypt it by just pressing the Enter key on their keyboard. In another case, the researchers said the drive could be unlocked with “any password” because the drive’s password validation checks didn’t work.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Meet CSI Linux: A Linux Distribution For Cyber Investigation And OSINT

With the steady rise of cybercrimes, companies and government agencies are involving themselves more in setting up cyber investigation labs to tackle the crime happening over the Internet. Software tools are like arms that play a significant role in the investigation process. Hence, Computer Forensics, Incident Response, and Competitive Intelligence professionals have developed a Cyber forensics focussed operating system called CSI Linux. Read more

Today in Techrights

today's leftovers

  • Word Embeddings Simplified

    Recently I have been dwelling with a lot of NLP problems and jargons. The more I read about it the more I find it intriguing and beautiful of how we humans try to transfer this knowledge of a language to machines. How much ever we try because of our laid back nature we try to use already existing knowledge or existing materials to be used to make machines understand a given language. But machines as we know it can only understand digits or lets be more precise binary(0s and 1s). When I first laid my hands on NLP this was my first question, how does a machine understand that something is a word or sentence or a character.

  • Coronavirus wreaking havoc in the tech industry, including FOSS

    At FOSS Linux, you may wonder why we are covering the coronavirus and how it relates to Linux and open-source software? Aside from the apparent effect of the slowdown in components required for Linux to run on,  the coronavirus outbreak directly impacts several products featured in FOSS Linux over the past year. Purism – the brains behind the Librem 5 phones powered by PureOS are the most directly affected by the outbreak, suffering production delays. Dell – the titanic computer manufacturer, has hinted at a possibility of interruption of supplies, which could affect the availability of the Dell XPS 13 Developer Edition preloaded with Ubuntu 18.04. System76 – these creators of Pop_OS! 19.10 recently announced their foray into the world of laptop design and manufacturing.  The coronavirus could adversely affect this endeavor. Pine64 – maker of the Pinebook Pro, the affordable laptop which supports most, if not all, Linux distros featured on FOSS Linux also is under threat of production delays.

  • Announcing the release of Samza 1.3.1

    We have identified some issues with the previous release of Apache Samza 1.3.0.

  • Scientists develop open-source software to analyze economics of biofuels, bioproducts

    BioSTEAM is available online through the Python Package Index, at Pypi.org. A life cycle assessment (LCA) add-on to BioSTEAM to quantify the environmental impacts of biorefineries -- developed by CABBI Postdoctoral Researcher Rui Shi and the Guest Research Group -- is also set to be released in March 2020. To further increase availability of these tools, Guest's team is also designing a website with a graphical user interface where researchers can plug new parameters for a biorefinery simulation into existing configurations, and download results within minutes.

    BioSTEAM's creators drew on open-source software developed by other researchers, including a data bank with 20,000 chemicals and their thermodynamic properties.

  • Mirantis Joins Linux Foundation's LF Networking Community

    Mirantis, the open cloud company, today announced it has joined the Linux Foundation's LF Networking (LFN) community, which facilitates collaboration and operational excellence across open networking projects. LFN software and projects provide platforms and building blocks for Network Infrastructure and Services across Service Providers, Cloud Providers, Enterprises, Vendors, and System Integrators that enable rapid interoperability, deployment, and adoption. LF Networking supports the largest set of networking projects with the broadest community in the industry that collaborate on this opportunity.

  • Google Announces The 200 Open-Source Projects For GSoC 2020

    Google's Summer of Code initiative for getting students involved with open-source development during the summer months is now into its sixteenth year. This week Google announced the 200 open-source projects participating in GSoC 2020.  Among the 200 projects catching our eye this year are GraphicsFuzz, Blender, Debian, FFmpeg, Fedora, FreeBSD, Gentoo, GNOME, Godot Engine, KDE, Mozilla, Pitivi, The GNU Project, VideoLAN, and X.Org. The complete list of GSoC 2020 organizations can be found here. 

  • Myst (or, The Drawbacks to Success)

    After listening to the cultural dialog — or shouting match! — which has so long surrounded Myst, one’s first encounter with the actual artifact that spurred it all can be more than a little anticlimactic. Seen strictly as a computer game, Myst is… okay. Maybe even pretty good. It strikes this critic at least as far from the best or worst game of its year, much less of its decade, still less of all gaming history. Its imagery is well-composited and occasionally striking, its sound and music design equally apt. The sense of desolate, immersive beauty it all conveys can be strangely affecting, and it’s married to puzzle-design instincts that are reasonable and fair. Myst‘s reputation in some quarters as impossible, illogical, or essentially unplayable is unearned; apart from some pixel hunts and perhaps the one extended maze, there’s little to really complain about on that front. On the contrary: there’s a definite logic to its mechanical puzzles, and figuring out how its machinery works through trial and error and careful note-taking, then putting your deductions into practice, is genuinely rewarding, assuming you enjoy that sort of thing.

    At same time, though, there’s just not a whole lot of there there. Certainly there’s no deeper meaning to be found; Myst never tries to be about more than exploring a striking environment and solving intricate puzzles. “When we started, we wanted to make a [thematic] statement, but the project was so big and took so much effort that we didn’t have the energy or time to put much into that part of it,” admits Robyn Miller. “So, we decided to just make a neat world, a neat adventure, and say important things another time.” And indeed, a “neat world” and “neat adventure” are fine ways of describing Myst.

GNU/Linux on Laptops/Desktops

  • DStv Now working on Linux streaming problems

    MyBroadband readers have complained of problems when trying to stream DStv Now on Linux devices. Previously, users running Linux operating systems were able to watch DStv Now through a web browser such as Chrome or Firefox. However, since the beginning of 2020, these users have been unable to watch shows on the platform, likely due to a change in the Widevine DRM system. Similar problems with international streaming platforms have been reported this year, indicating that the issue could be a common DRM issue rather than individual platform changes.

  • A Tale of Four Laptops, or, How Lenovo’s Digital River Customer Support Sucks

    In September, I made a mistake… We needed new laptops for Dmitry and Agata, and after much deliberation, we decided upon Lenovo Yoga C940’s. These are very cool devices, with HDR screens, nice keyboard, built-in pen, two-in-one convertible — everything in short for the discerning Krita hacker. I accidentally ordered the S940 instead — two of them. These are very awful devices, without a pen, no touch-screen, don’t fold, don’t have HDR, don’t even have normal USB ports. Overpriced, under-powered — why the heck does Lenovo call these Ideapads yoga’s? I have no idea. Well, no problem, I thought. I’ll just return them and ordered the C940 instead. The C940’s arrived in time for our BlenderCon sprintlet, and were all what one expected them to be. And I filled in Lenovo’s web form to return the S940’s. [...] I’ve bought Yoga’s, Thinkpads and even Ideapads in great numbers in the past twenty years… But I think it’s time to make a change.

  • Mesa's RADV Vulkan Driver Adding Compatibility For Use With The AMD Radeon GPU Profiler

    To date the Mesa "RADV" Radeon Vulkan driver hasn't supported AMD's GPUOpen Radeon GPU Profiler but that is changing. With RADV being developed by the community -- principally by the likes of Valve, Red Hat, and Google -- this Mesa Vulkan driver hasn't supported all of the tooling AMD makes available under the GPUOpen umbrella and is tailored for their official AMD Linux/Windows Vulkan drivers. While AMDVLK and the Radeon Software for Linux driver have supported the company's Radeon GPU Profiler, RADV is now adding compatibility for this profiler.

  • Intel Compute Runtime Adds OCLOC Multi-Device Compilation

    Version 20.07.15711 of the Intel Compute Runtime was released this morning. The Intel Compute Runtime 20.07.15711 is what principally provides their modern OpenCL implementation for Broadwell graphics hardware and newer with current at OpenCL 2.1 for all generations from Broadwell through the yet-to-be-released Gen12 Tiger Lake.

  • openSUSE Tumbleweed – Review of the week 2020/08

    After a week of hacking on different stuff and being in the background for Tumbleweed while Oliver took on the role of Release Manager, I am back with you. And we have released three snapshots this week (0214, 0218 and 0219). The gap between 0214 and 0218 was the integration of glibc 2.31. But of course, there was more happening this week. So here comes the list:

  • Fedora program update: 2020-08

    I have weekly office hours in #fedora-meeting-1. Drop by if you have any questions or comments about the schedule, Changes, elections, or anything else.