Threat Center Security News Hard Disk Encryption is Just a Hurdle Now?
Hard Disk Encryption is Just a Hurdle Now? Print E-mail
Written by Rebecca Mints   
Monday, 25 August 2008 09:49

Microsoft, Intel, HP, Lenovo and Leading Vendors Are Affected by a New Vulnerability That Allows Attackers to Bypass Hard-Disk Encryption Software, System Boot Passwords and Steal Confidential Data.

A new vulnerability was announced at Defcon 16, the world's leading security conference.

 

" This vulnerability allows attackers to steal computer boot passwords and bypass the security of pre-boot authentication software like hard disk encryption tools. It affects general computer users, enterprises, governments and can result in unauthorized access or theft of confidential data. Incidentally, in 2007 the global loss due to data theft is estimated to be USD 40 Billion."

- www.marketwatch.com

 

"Surprisingly, this vulnerability has been existing for 25 years." says Jonathan Brossard, iViZ lead security researcher and discoverer of this vulnerability. Programmers unaware of this security hole have coded boot password feature in such a way that user entered text do not get flushed from memory properly leading to inadvertent leakage and theft. Even hard-drive encryption does not help in this case," adds Mr. Brossard. This vulnerability affects Microsoft Bitlocker on the latest TPM (but not Vista SP1), Truecrypt, Intel/HP BIOS and several others.

 

WTW Threat Level