Bit locker security issues (easy to crack) disk encryption?
Problem 1: When the PC is running, I think it's too easy for malicious users (with a USB pen drive) or spyware to get the encryption key (fast and easy)
youtube.com/watch?v=0npTlOq6q_0
Problem 2: not resistant to brute-force attacks
youtube.com/watch?v=zvaJxnvbGic
Problem 3: not resistant to boot hacking
I'm using DriveCrypt Plus Pack and searched for security issues in BitLocker. BitLocker allows the brute-force/dictionary attack easily. I think it would be much safer: 1. (I think the keys are stored somewhere that is easily read) 2. A password alone should not be enough; a password+file combination should be needed to decrypt the disk. DriveCrypt Plus Pack uses a file+password combination: if you know the password but you don't have the file, you cannot decrypt the disk (protection against brute-force attack). On system boot, protected against brute-force attack, you can crash the (boot). If the boot system crashes, you cannot decrypt the disk with just the password; you need the file+password combination to decrypt it. I am not a programmer, but I see BitLocker (easy security catches to crack the disk encryption). I tested DriveCrypt and I cannot get the key that easily (Problem 1). I have not tested it in greater depth, just trying to (catches to crack software encryption).
Where is your question, sir?
If the question were "is it easy to crack", the answer is "no". Your videos make use of several assumptions and ingredients and permissions that a normal attacker does not have.
"Problem 3" is not clear, please describe what scenario you are talking about.
Similar Messages
-
Easy to crack an encrypted HDD - within 10 seconds ???
I was discussing hard drive encryption with a friend at school, and he told me no matter how strong a password or algorithm one uses to encrypt one's hard drive, the US government has software that can crack it within 10 seconds, and assured me he'd used such software while serving in the Army
Does anybody know anything about this?
Last edited by deltaecho (2008-09-07 20:56:48)
Dusty wrote:
I've never used it, but from what I've heard, I'd suggest TrueCrypt. Then he has to prove not only that he can decrypt the filesystem, but also that the filesystem exists.
I've used TrueCrypt for a couple years and followed its development. It's a good program, possibly the best.
skottish wrote:
The US government has the keys to all commercially available encryption algorithms in the US (at least). That's why it's so easy.
Not necessarily "all commercial", but I wouldn't trust the companies farther than I can throw their CEOs. That the US Gov't has backdoors into a lot -- no question about it. And it's not just domestic.
tonyisnt wrote:
I don't know about this. Would that work? Because isn't the Windows pagefile located on the hard drive, meaning that drive would have to be readable in the first place? RAM is obviously a different story.
I'm no expert on any of this, of course, it just doesn't sound like that method would work.
It's generally assumed that a major government agency/operation can get access to any machine they desire. Whether it be via remote exploit or simply breaking down the door. Scanning swapfiles is common, as is scanning an active machine's RAM space -- or at least writing it to disk and then analyzing it. -
Securing Content using File or Disk encryption
Hello,
I am looking for a method to encrypt the devices or files used by SAP storing the Oracle Database (for example EFS, PGPdisk, .....) Does SAP support any of these encryption tools?
Check
Note 828268 - Oracle Database 10g: New functions
section "Oracle database security" for different methods of securing the database.
Markus -
Does anyone have any advice regarding 256 bit full disk encryption software for Macs? The other discussions on the topic are years old, so I would like some current input. Thanks for your help in advance.
Depending on your Mac, you might not want to upgrade to OS X 10.7 or 10.8 as it will not run the PowerPC based software you're currently using, costing a bundle to replace it all; also they will slow down your machine if it's not a more recent issue. You don't want to upgrade OS X without AppleCare defending your possibly bricked logicboard, that's for sure.
Filevault encrypts the boot drive, however in doing so makes it near impossible to fix if you have a software issue and need to recover files directly or by using specialty software. Also it robs the machine of performance even more than the Lions do. So you will really need a SSD to work best with 10.7/10.8 and Filevault, then it has to be freshly installed. Filevault needs 50% free space on the boot drive, then it's going to write to the slower 50% half of the hard drive where performance is terrible compared to the first 50%.
Also Filevault is cracked under certain conditions, and if someone gets their hands on the machine (like the law) and knows what they are doing.
If you take your Filevaulted machine to Apple to fix, they are going to require the password to fix the machine obviously.
Software based encryption is vulnerable, you might want to instead place your sensitive data on external self-encrypting hardware that doesn't rely upon software or computer hacks/bypasses (like freezing the RAM) to get to it.
http://www.datalocker.com/products/datalocker-dl3.html
Iron Keys for portable USB self encryption, both work with any computer, so you're not locked into one platform.
With the sensitive data off the computer and on an external device, there is the option of removing, hiding and securing the device. If used with a computer that's never connected to the Internet, it's safe from snoopers, except from a surveillance van parked outside your door. -
Problem with recovering data from Bit Locker enabled hard disk with bad sectors
Hi,
I have Lenovo T430 laptop with Windows 7 and Bit Locker enabled hard disk. While working I encountered blue screen error multiple times. After some time, the laptop stopped to boot by itself and started showing error 'A disk read write error has occurred.
Press Ctrl+Alt+Del to restart' message. I tried to connect the hard disk to a different PC as a secondary drive and tried to check the disk to recover the data. The 500 GB disk is showing as unallocated space and I am not sure how to recover the
data from the hard disk. Appreciate your help to recover the data from corrupted hard disk.
I used the Lenovo Diagnostics tools available in BIOS and it showed 48 bad sector errors on the hard disk. I also used Windows 7 CD and tried auto repair but it looks like it didn't do anything.
Thanks in advance!
Hi SenneVL,
Since there are 48 bad sectors on your hard disk, this means the system can not boot any more, the data might not be restored in a normal way, you'd better turn to data restore company for help.
Regards
Wade Liu
TechNet Community Support -
Question on Bit Locker & IBM Client Security Solution CSS.
Since both Bit Locker and CSS use the TPM chip to store the key, can they both be used at the same time?
I can, idzham, but where do I find the .exe file for reinstalling it? Losing that key, and being completely locked out of my machine, concerns me.
-
Bit locker Multiple Drives Multiple OS's
I have a laptop with two hard drives in it. The primary has Windows 7 Enterprise and is a member of the corporate domain. The secondary has Server 2008 R2 and is a member of the lab domain. There is no trust or association between domains.
The laptop does the Windows multi-boot off the primary drive. I want to enable bit locker to secure the drives.
If the two windows environments were exclusively separate, setting up bit locker on each drive independently would be pretty straight forward, but when I'm in one OS, I will frequently need to get files and data from the other drive (and no, making each
drive big enough to hold all its own data is not an option, plus the synchronization headache). Both drives will need to be bit locked to their respective OS, but the other drive will need to be accessible.
And not to make things too easy, the secondary drive, which i put in an optical drive bay carrier, routinely gets pulled (not while the system is running, of course) out and popped into a USB case to be used as a library transfer drive.
So....
the Windows 7 drive needs to be natively bit locked. and be accessible when running Windows 2008 from the second drive.
the Windows 2008 R2 drive needs to be natively bit locked, and be accessible when running Windows 7 from the first drive, and be accessible when run as a stand-alone USB drive on another system.
I would appreciate any wisdom you can share to make this all work. And please presume that i know next to nothing about installing and running bit locker, because that's pretty much true.
Let me know if you need more information about my configuration.
Thanks
Hi,
"and be accessible when run as a stand-alone USB drive on another system."
Firstly, if you enable bitlocker for one drive, it will be encrypted always until you decrypt it. Thus after you insert it to any system, it need to enter the credential to access it.
And then, if you want to access one drive in another computer, you need to get the shared permission. After you're granted the sufficient permission, you could access it no matter if it's encrypted. Of course, another computer must be started.
Karen Hu
TechNet Community Support -
Hi, I forgot my memory stick code. My bit locker code letters won't show on screen, even when I cut and paste it all in nothing happens, is this a con to get me to download shite I don't want.
Hi Franko,
We discuss SQL Server PowerPivot for Excel related issue in this forum. According to your description, it is more related to Windows Security. I would suggest you discuss this issue at the following forum for better support:
Windows Security forum:
http://social.technet.microsoft.com/Forums/windows/en-US/home?forum=w7itprosecurity
Regards,
Elvis Long
TechNet Community Support -
Hi,
I am trying to turn on Bit locker for removal Disk, could not succeed. System says that required services are not enabled. I remember I changed the registry setting to disable bit locker encryption. I do not recollect what I have changed. Could you
please let me know what setting value is to be set for enabling the Bit locker encryption.
Thanks
Sreekanth.
Hi,
As narcoticoo mentioned, do we have TPM chip on the computer? Please take a look into Device Management, if the TPM driver is installed then it will show up in the Device Manager, under Security Devices as mentioned.
Please also take a look at the below article regarding how to turn on/off bitlocker without TPM:
How to turn on or off bitlocker without a TPM for Windows 7 Drive
Please note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy
of this information.
For more information regarding Bitlocker for Windows 7, please take a look at the article below:
BitLocker Drive Encryption Step-by-Step Guide for Windows 7
Hope this may help
Best regards
Michael Shao
TechNet Community Support -
Windows 8: Bit Locker encrypted drive "Access Denied" external drive
I rebuilt my computer and installed win 8.1 pro. Now my external drive comes up as an empty drive with "Access denied". Here is the kicker: I had turned off bitlocker on the external drive long ago as it interfered with automated backups.
Running the commands suggested here:
https://social.technet.microsoft.com/Forums/windows/en-US/738c1760-c96d-430f-9ae6-1f28f5c60998/windows-8-bit-locker-encrypted-drive-not-found-or-access-denied?forum=w8itprosecurity it shows the bitlocker but as unlocked. Drive still shows empty.
Any suggestions?
Thanks,
Markus
Ahh, turns out to be permission issue not bitlocker (or maybe bitlocker caused it to lose permissions, don't know).
Opened MyPc, right click on drive ->properties->security->advanced and selected apply to all.
Markus -
Windows 8: Bit Locker encrypted drive "Not Found" or "Access Denied"
I just upgraded my Windows 7 Ultimate to Windows 8 Pro. C drive is not Bit locker protected, but D drive is. When I go to Computer and double click on D drive, it tells me one of two errors: 1) Application Not Found (more common), or 2) Access is Denied
(less common).
I thought maybe Bit locker wasn't working, but I plugged in my USB stick that is encrypted and had no issues; it asked for the password and opened the folder.
One thing I did earlier was to setup a new local account, give it administrator password, then delete the other account that I had originally used in Win7 (and in installing Win8). Maybe this caused some sort of security problem.
Please help.
Thanks.
I have been using Bitlocker since it was available with Vista Ultimate. I have had the same password to unlock my drive for 5 years. I NEVER keep my recovery key this drive. but just last month i copied all my data to another drive formatted
it to freshen it up and copied it back over. For some reason i kept the recovery key TXT file.... when i tried your method here due to the same exact problem listed the command prompt would not allow me to enter a password in CMD or powershell. Since
i had the recovery key .. THANK GOODNESS it unlocked perfectly and i was able to retrieve my 6 years of Data. So yes, this works and works well. thank You! -
Samba 3.2.6 patch for security issue
I know the security issue is hard to trigger, but I created a new PKGBUILD for samba 3.2.6 containing the patch.
Excerpt from the patch commentary:
commit 288fa94ac7cfdf7457b5098c33fc840bed3d5410
Author: Michael Adam <[email protected]>
AuthorDate: Thu Dec 18 18:01:55 2008 +0100
Commit: Karolin Seeger <[email protected]>
CommitDate: Fri Dec 19 08:30:23 2008 +0100
smbd: prevent access to root filesystem when connecting with empty service name
This only applies to a setup with "registry shares = yes"
Michael
And here's the PKGBUILD:
# $Id: PKGBUILD 22200 2008-12-22 22:24:26Z tpowa $
# Maintainer: judd <[email protected]>
pkgname=samba
pkgver=3.2.6
# We use the 'A' to fake out pacman's version comparators. Samba chooses
# to append 'a','b',etc to their subsequent releases, which pacman
# misconstrues as alpha, beta, etc. Bad samba!
_realver=3.2.6
pkgrel=2.1
pkgdesc="Tools to access a server's filespace and printers via SMB"
arch=(i686 x86_64)
url="http://www.samba.org"
license=('GPL3')
backup=(etc/logrotate.d/samba etc/pam.d/samba etc/samba/smb.conf etc/xinetd.d/swat etc/conf.d/samba)
depends=('db>=4.7' 'popt' 'libcups' 'acl' 'libldap' 'smbclient=3.2.6' 'libcap' 'heimdal>=1.2-1' 'pam' 'fam' 'gnutls>=2.4.1' 'tdb=3.2.6')
options=(!makeflags)
source=(http://us1.samba.org/samba/ftp/stable/${pkgname}-${_realver}.tar.gz \
no-clients.patch samba samba.logrotate swat.xinetd samba.pam samba.conf.d \
ftp://us1.samba.org/pub/samba/patches/security/samba-3.2.6-CVE-2009-0022.patch)
build() {
  cd ${srcdir}/${pkgname}-${_realver}/source
  patch -Np2 -i ${srcdir}/no-clients.patch || return 1
  # security fix for CVE-2009-0022
  patch -Np2 -i ${srcdir}/samba-3.2.6-CVE-2009-0022.patch || return 1
  ./configure --prefix=/usr --with-configdir=/etc/samba \
    --with-lockdir=/var/cache/samba \
    --with-piddir=/var/run/samba \
    --with-fhs --with-pam --with-ads --with-acl-support \
    --without-cifsmount --without-libsmbclient \
    --with-syslog --with-pam_smbpass \
    --localstatedir=/var --disable-dnssd --libdir=/usr/lib/samba
  make || return 1
  mkdir -p ${pkgdir}/var/log/samba
  mkdir -p ${pkgdir}/etc/samba/private
  chmod 700 ${pkgdir}/etc/samba/private
  make DESTDIR=$startdir/pkg install
  chmod 644 ${pkgdir}/usr/include/*.h
  rm -rf ${pkgdir}/usr/var
  (cd script; cp installbin.sh i; cat i | sed 's/\/sbin\///' > installbin.sh)
  install -D -m755 ../../samba ${pkgdir}/etc/rc.d/samba
  install -D -m644 ../../samba.conf.d ${pkgdir}/etc/conf.d/samba
  mkdir -p ${pkgdir}/etc/samba
  cat ../examples/smb.conf.default | \
    sed 's|log file = .*$|log file = /var/log/samba/log.%m|g' >${pkgdir}/etc/samba/smb.conf.default
  install -D -m644 ../../samba.logrotate ${pkgdir}/etc/logrotate.d/samba
  install -D -m644 ../../swat.xinetd ${pkgdir}/etc/xinetd.d/swat
  install -D -m644 ../../samba.pam ${pkgdir}/etc/pam.d/samba
  # symlink libs
  for i in ${pkgdir}/usr/lib/samba/libsmbshare*; do
    ln -sf samba/$(basename $i) ${pkgdir}/usr/lib/$(basename $i)
  done
  # spool directory
  install -d -m1777 ${pkgdir}/var/spool/samba
  sed -i 's|/usr/spool/samba|/var/spool/samba|g' ${pkgdir}/etc/samba/smb.conf.default
  # fix logrotate
  sed -i -e 's|log.%m|%m.log|g' ${pkgdir}/etc/samba/smb.conf.default
  # nsswitch libraries
  install -D -m755 nsswitch/libnss_wins.so ${pkgdir}/lib/libnss_wins.so
  ln -s libnss_wins.so ${pkgdir}/lib/libnss_wins.so.2
  install -D -m755 nsswitch/libnss_winbind.so ${pkgdir}/lib/libnss_winbind.so
  install -D -m755 bin/pam_winbind.so ${pkgdir}/lib/security/pam_winbind.so
  # remove conflict files of smbclient and tdb
  for man in libsmbclient smbspool \
    umount.cifs mount.cifs net; do
    rm -f ${pkgdir}/usr/share/man/man8/${man}.8
  done
  for i in libnetapi* libtdb* libtalloc* libwbclient*; do
    rm -f ${pkgdir}/usr/lib/samba/$i
  done
  rm -f ${pkgdir}/usr/bin/tdbbackup
  rm -f ${pkgdir}/usr/include/{tdb.h,talloc.h,netapi.h}
  for man in rpcclient smbcacls smbclient smbcquotas \
    smbtree smbtar nmblookup smbget; do
    rm -f ${pkgdir}/usr/share/man/man1/${man}.1
  done
  rm -f ${pkgdir}/usr/share/man/man7/libsmbclient.7
  rm -f ${pkgdir}/usr/include/libsmbclient.h
}
md5sums=('0cd27c7afbb8211616eea4010f32271c'
'a676f0dde2c434aeb5125376b8797a64'
'e93533fa2296c07c1f645dfdd373657f'
'5697da77590ec092cc8a883bae06093c'
'a4bbfa39fee95bba2e7ad6b535fae7e6'
'96f82c38f3f540b53f3e5144900acf17'
'f2f2e348acd1ccb566e95fa8a561b828'
'e15ab37115101cf3a8d110f0c1f8e29e')
I think a security task force should be initiated (I know discussions existed, but I don't know what were the consequences), so that important packages (like those providing services) could be updated in a timely manner. This is a minor issue as I stated earlier, but it could be worse. Those interested, let's initiate a discussion with the developers of important packages and try to get some things working. People (mostly trusted users) who can generate early packages are welcome, so that they can provide early versions of unvulnerable packages.
ckristi wrote:
I don't know about other packages, but I believe when I checked the PKGBUILD for PHP, that the security fix was included in 5.2.7.
Check http://repos.archlinux.org/viewvc.cgi/p … iew=markup for more info.
And don't get me wrong, I am a little bit concerned about the way vulnerabilities are treated in Arch, 'cause my home server is running this distro.
And I really would think we should start some serious discussions about this security issues and the way they should be treated. I know the developers are doing their best and I'm not going to put fingers at all. They should be helped in maintaining packages for important services. We'll benefit from it and their tasks would be easier.
Why don't you start a wiki page tracking the latest vulnerabilities disclosed on various security mailing lists which are not fixed in arch. This will make it much easier for the devs.
This thing has been already discussed multiple times and already a wiki page exists for Arch Security Team but it seems nobody followed up with that.
http://wiki.archlinux.org/index.php/Security_Task_Force -
Security issues for Flash cookies, Local Shared Objects, .sol files
Good day, all
I just found out a bit about flash cookies from Wikipedia and http://epic.org/privacy/cookies/flash.html
I was wondering if there was a security issue with these (as opposed to privacy issues)?
It seems easy enough to prevent them being stored or delete them after they are set.
Thanks,
Hugh
Hello Patricia,
You wrote,
I came to this forum to see if I could find out how to delete adobe's flash cookies
You have to do it online via this website.
Macromedia's Website Storage Settings panel
Note: As the site says, the dialogue box is not an image, "it is the actual settings manager"
I just tried it out and deleted the flash content from How Stuff Works, then revisited the site (How Stuff Works) and it didn't add it back, so it seems to work as stated.
regards roam -
Is the Mac OS really this easy to crack?
My wife, a therapist, has been required to use computer equipment and file encryption that is HIPAA compliant for medical privacy issues. She was told by her trainers that the mac had little to no security and was easily cracked. I was surprised and I told her the mac was pretty secure. I googled the issue.
It would seem, from the following link, that I may have been very wrong. Is it really this easy to get into a stolen mac? Can the system password be so easily circumvented? If this is true, even I, who know next to nothing about computer programming, could hack a mac and get to all the data.
https://www.youtube.com/watch?v=qOq3aiRb57Y
This is not specific to the Mac. Any time a hacker has physical access to any computer - Mac, Windows, Linux, whatever - data can be accessed almost trivially.
The only exception to this is data that is properly encrypted. Such data cannot be accessed by a hacker, provided that the encryption is strong, and that the password is strong and not stored somewhere that the hacker can access. On a Mac, you can accomplish this with FileVault, as Bob mentions. Automatic login must be disabled, and the user password must be strong. This will keep an attacker out of your data... unless they can get you to subvert your own system by installing malware, but that's very rare on the Mac. -
hi,
i recently formated my system. i lost my bit locker recovery key.
how to remove bit locker to the drive.
i tried these....
C:\Windows\System32>manage-bde -status J:
BitLocker Drive Encryption: Configuration Tool version 6.1.7600
Copyright (C) Microsoft Corporation. All rights reserved.
Volume J: [Label Unknown]
[Data Volume]
Size: Unknown GB
BitLocker Version: Windows 7
Conversion Status: Unknown
Percentage Encrypted: Unknown%
Encryption Method: AES 128 with Diffuser
Protection Status: Unknown
Lock Status: Locked
Identification Field: Unknown
Automatic Unlock: Disabled
Key Protectors:
Numerical Password
External Key
External Key
C:\Windows\System32>manage-bde -protectors j: -get
BitLocker Drive Encryption: Configuration Tool version 6.1.7600
Copyright (C) Microsoft Corporation. All rights reserved.
Volume J: [Label Unknown]
All Key Protectors
Numerical Password:
ID: {CA7EA469-38CE-4E7E-814D-292A06DF8819}
External Key:
ID: {D70EAC47-DEBB-480A-BFFC-E74479BDDBC1}
External Key File Name:
D70EAC47-DEBB-480A-BFFC-E74479BDDBC1.BEK
External Key:
ID: {2BD85A61-C76F-4433-8DE6-48651047AF6C}
External Key File Name:
2BD85A61-C76F-4433-8DE6-48651047AF6C.BEK
C:\Windows\System32>
how to solve these. help me
Hi,
If you lost recovery key and are unable to access the disk at this moment, then I'm sorry but I have to say that you're lost. If the data in that encrypted drive is very important for you, then you might need a data recovery center to help you.
Yolanda Zhu
TechNet Community Support
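The `manage-bde -protectors -get` listing in the question names exactly which recovery material can unlock the volume: one recovery password and two `.BEK` external key files, each with its own ID. As an added example (not part of the thread), the Python below parses that listing and checks a file listing from backups for matching material; `match_backups`, the sample folder listing and the assumption that a saved recovery-password file carries the protector ID in its name are hypothetical.

```python
import re

# Output of `manage-bde -protectors j: -get`, copied from the post above.
SAMPLE = """\
Volume J: [Label Unknown]
All Key Protectors
Numerical Password:
ID: {CA7EA469-38CE-4E7E-814D-292A06DF8819}
External Key:
ID: {D70EAC47-DEBB-480A-BFFC-E74479BDDBC1}
External Key File Name:
D70EAC47-DEBB-480A-BFFC-E74479BDDBC1.BEK
External Key:
ID: {2BD85A61-C76F-4433-8DE6-48651047AF6C}
External Key File Name:
2BD85A61-C76F-4433-8DE6-48651047AF6C.BEK
"""

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
ID_LINE = re.compile(r"^ID:\s*(" + GUID + r")$")
LABEL = re.compile(r"^([A-Za-z][A-Za-z ]*):$")


def parse_protectors(text):
    """Return one dict per key protector: type, id and .BEK file name (if any).

    A protector header is a "Label:" line directly followed by "ID: {GUID}".
    Sub-fields such as the "Password:" value that an unlocked volume prints
    are therefore skipped and never stored.
    """
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    protectors = []
    i = 0
    while i < len(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        header, ident = LABEL.match(lines[i]), ID_LINE.match(nxt)
        if header and ident:
            protectors.append({"type": header.group(1),
                               "id": ident.group(1).upper(),
                               "key_file": None})
            i += 2
        elif protectors and lines[i] == "External Key File Name:" and nxt:
            protectors[-1]["key_file"] = nxt
            i += 2
        else:
            i += 1
    return protectors


def match_backups(protectors, filenames):
    """Map each protector ID to the first backup file that could satisfy it.

    External keys match on the exact .BEK file name (case-insensitive).
    Assumption: other protectors match any file whose name contains the ID.
    """
    found = {}
    for p in protectors:
        guid = p["id"].strip("{}").lower()
        wanted = (p["key_file"] or "").lower()
        found[p["id"]] = next(
            (n for n in filenames
             if n.lower() == wanted or (not wanted and guid in n.lower())),
            None)
    return found


if __name__ == "__main__":
    # Constructed listing of a backup folder, for illustration only.
    listing = ["photos.zip", "d70eac47-debb-480a-bffc-e74479bddbc1.bek"]
    for pid, hit in match_backups(parse_protectors(SAMPLE), listing).items():
        print(pid, "->", hit or "no recovery material found")
```

Any single match is enough to unlock the volume; if every ID maps to nothing, the situation is the one described in the answer above.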