
Microsoft screws up security encryption again, now it's Bitlocker

winjer

Gold Member




The hacker group Chaotic Eclipse, also known as Nightmare-Eclipse, has released two new Windows exploits called YellowKey and GreenPlasma.

> YellowKey bypasses BitLocker encryption on Windows 11 and newer server versions by copying a special folder to a USB drive or the EFI partition and then rebooting while holding certain keys to gain full access to the locked drive.

> GreenPlasma lets users gain higher system access through a CTFMON method that affects Windows 11 and some servers, with only part of the code shared as a challenge for others.

In a signed blog post, the group warned Microsoft directly that the next Patch Tuesday will have a big surprise for them. They said they have never failed to deliver on a promise, noted their unhappiness with how Microsoft handled their past reports, and chose not to target Defender this time.

If anyone needed another reason not to use Bitlocker, here it is.
 
I still remember the interview when this was new, and the MS rep refused to answer a direct question as to whether MS themselves could ever get past the encryption, while flogging other encryption methods as outdated. It just screamed "move all your shit to the new, more secure encryption we built a backdoor into". Who uses it? Who even cares?
 

The answer is simple. They can, because they store the encryption keys in their servers, not on your PC.

 


LOL. I'm really not even that knowledgeable about it, because I just dropped attention totally from the outset, but it's exactly what I'd have expected. You got the feeling, back then, that MS put some kind of pressure or offered cash to the guy behind TrueCrypt to discontinue it and endorse theirs on its web site, to funnel people away from actual security.
 
MS is failing big lately. Broken Windows updates. Teams and Office 365 are getting worse and worse. Now this.
But they still don't get the attention Apple is getting when they screw things up. Why is that?
 


Is this 'feature' the "enhanced security" that this message is always telling me about?


Win 10 LTSC until they pry it from my cold dead fingers.
 
I've always thought it a bit weird that the Dell update software could suspend Bitlocker to install updates for a reboot. 3rd party software having that control feels exploitable as well.
 