Nov 2015 Update – It seems Bitlocker sans pre-boot has been trivially insecure for some time according to Synopsys hacker Ian Haken, who found a simple way to change the Windows password and thus allow access to data even while Bitlocker was active.
So, with the forthcoming release of Windows 7, the ugly beast known as “Bitlocker” has reared its head again.
For those of you who were around during the original release of Bitlocker, or as it was known then “Secure Startup”, you’ll remember that it was meant to completely eliminate the necessity for third-party security software. Yes, Bitlocker was going to secure our machines against all forms of attack and make sure we never lost data again.
A long while ago, probably back in 2006, I wrote an article about how to add WinTech (the diagnostic and disaster recovery toolkit for “SafeBoot”, or McAfee Endpoint Encryption for PCs) to a BartPE CD image. At the time WinPE was only available to system integrators, and not to the likes of you and me. The steps to create custom WinPE CDs were obtuse, thanks mainly to a lack of documentation from Microsoft as to how WinPE worked, and thus many people migrated to the simple and easy BartPE system. I wanted to provide an easy way for people to make these useful bootable recovery CDs Read more…
Further to my post on S.M.A.R.T, I got around to making a simple little HTA which uses my SMART class to display useful info on your drives. You can get it from CTOGoneWild. It gives you an example of how to make a useful HTA, and how to embed VBScript classes in a way where they can be used in either a normal VBScript or an HTA itself. You can also find the SmartDump script, which does much the same thing but outputs to a file (with the file name either set on the command line or in the script itself).
A busy week in the world of data loss, with the report from the Army National Guard Leaders that a personal laptop containing the records of 131,000 former and current guard members was stolen from a contractor on 27th July 2009. The information included the usual culprits – Name, Address, Social Security Number etc.
What this information was doing on a contractor’s personal device, and not locked up and restricted, is undisclosed, but the important thing is that the Army Guard is showing its eagerness to resolve the situation and protect its members. Read more…
This week’s flame war between TrueCrypt and Peter Kleissner had me both upset and laughing at the same time.
For a start, hats off to young Peter (18 years old according to his site), who recently presented at Black Hat his concept for a “universal rootkit” exploit, which, using that older-than-he-is technology of MBR replacement, manages to subvert Windows in such a way as to be able to drop a payload into memory as the computer boots.
I’m not sure, but isn’t that what MBR viruses have done since day one? I guess Peter agrees because his new “Stoned Bootkit” rootkit is named “Stoned” in homage to one of the original MBR Viruses of 1987 Read more…