Support NeoGAF

winjer · 2026-05-13T11:56:56+0100

The hacker group Chaotic Eclipse, also known as Nightmare-Eclipse, has released two new Windows exploits called YellowKey and GreenPlasma. >YellowKey bypasses BitLocker encryption on Windows 11 and newer server versions by copying a special folder to a USB drive or the EFI partition and then rebooting while holding certain keys to gain full access to the locked drive. >GreenPlasma lets users gain higher system access through a CTFMON method that affects Windows 11 and some servers, with only part of the code shared as a challenge for others. In a signed blog post, the group warned Microsoft directly that the next Patch Tuesday will have a big surprise for them. They said they have never failed to deliver on a promise, noted their unhappiness with how Microsoft handled their past reports, and chose not to target Defender this time.

If anyone needed another reason not to use Bitlocker, here it is.

EviLore · 2026-05-13T12:29:02+0100

Set a flag to 1. Amazing security design

BlackTron · 2026-05-13T12:32:02+0100

I still remember the interview when this was new, and the MS rep refused to answer a direct question as to whether MS themselves could ever get past the encryption, while flogging other encryption methods as outdated. It just screamed "move all your shit to the new, more secure encryption we built a backdoor into". Who uses it? Who even cares?

winjer · 2026-05-13T12:44:45+0100

BlackTron said:
I still remember the interview when this was new, and the MS rep refused to answer a direct question as to whether MS themselves could ever get past the encryption, while flogging other encryption methods as outdated. It just screamed "move all your shit to the new, more secure encryption we built a backdoor into". Who uses it? Who even cares?

The answer is simple. They can, because they store the encryption keys in their servers, not on your PC.

Microsoft Gave FBI BitLocker Encryption Keys, Exposing Privacy Flaw

The tech giant said providing encryption keys was a standard response to a court order. But companies like Apple and Meta set up their systems so such a privacy violation isn’t possible.

www.forbes.com

BlackTron · 2026-05-13T12:50:01+0100

winjer said:
The answer is simple. They can, because they store the encryption keys in their servers, not on your PC.

Microsoft Gave FBI BitLocker Encryption Keys, Exposing Privacy Flaw

The tech giant said providing encryption keys was a standard response to a court order. But companies like Apple and Meta set up their systems so such a privacy violation isn’t possible.

www.forbes.com

LOL. I'm really not even that knowledgeable about it, because I just dropped attention totally from the outset, but it's exactly what I'd have expected. You got the feeling, back then, that MS put some kind of pressure or offered cash to the guy behind TrueCrypt to discontinue it and endorse theirs on its web site, to funnel people away from actual security.

DenchDeckard · 2026-05-13T12:52:02+0100

AI programming. Gg

AJUMP23 · 2026-05-13T12:53:52+0100

Outsourcing to low cost developers creates high cost problems.

Brucey · 2026-05-13T14:17:26+0100

EviLore said:
Set a flag to 1. Amazing security design

Hear you.

deriks · 2026-05-13T14:47:49+0100

Bitlocker was always bullshit in first place, so eh

I understand for enterprises, but for personal use is just plain bullshit

winjer · 2026-05-13T14:52:31+0100

deriks said:
Bitlocker was always bullshit in first place, so eh

I understand for enterprises, but for personal use is just plain bullshit

For enterprises is much worse, as this is not a secure feature.

BlackTron · 2026-05-13T17:29:45+0100

deriks said:
Bitlocker was always bullshit in first place, so eh

I understand for enterprises, but for personal use is just plain bullshit

You encrypting anything personal more important than what corporations have? That's impressive

Fake · 2026-05-13T18:37:37+0100

Microsoft needs to put a panel showing instead of 'days without accident', days without fucking up Windows.

Trunx81 · 2026-05-13T18:39:39+0100

MS is failing big lately. Broken Windows updates. Teams and Office 365 are getting worse and worse. Now this.
But they still don't get the attention Apple is getting when they screw things up. Why is that?

Zacfoldor · 2026-05-13T18:40:17+0100

DenchDeckard said:
AI programming. Gg

Don't blame AI, they have been screwing up Windows for generations.

winjer · 2026-05-13T18:42:28+0100

Trunx81 said:
But they still don't get the attention Apple is getting when they screw things up. Why is that?

Probably because everyone already expects MS to screw up. Again and again.
Its like saying water is wet.

Soodanim · 2026-05-13T18:44:35+0100

BlackTron said:
You encrypting anything personal more important than what corporations have? That's impressive

Importance is subjective and securing your own files/data is less impactful than securing an entire corporation's network of systems.

Pejo · 2026-05-13T18:47:17+0100

Is this 'feature' the "enhanced security" that this message is always telling me about?

Win 10 LTSC until they pry it from my cold dead fingers.

moogman · 2026-05-13T18:47:24+0100

I've always thought it a bit weird that the Dell update software could suspend Bitlocker to install updates for a reboot. 3rd party software having that control feels exploitable as well.

diffusionx · 2026-05-13T18:49:46+0100

H1B and vibecoding, name a more incompetent combo, I'll wait

Support NeoGAF

Microsoft screws up security encryption again, now it's Bitlocker

Gold Member

Expansive Ellipses

Member

Gold Member

Member

Moderated wildly

Parody of actual AJUMP23

Member

4-Time GIF/Meme God

Gold Member

Member

Member

Member

Gold Member

Gold Member

Member

Gold Member

Member

Gold Member

Similar threads