I think the Bitlocker "vuln" is a good reminder not to use vendor provided encryption for any sensitive data. https://github.com/Nightmare-Eclipse/YellowKey/ You load a specific file onto a flash drive, plug it into a Bitlocker encrypted computer, reboot it while holding a key combination, and it pops up a command prompt with full access to the encrypted volume. There's no way this isn't a backdoor.
> I think the Bitlocker "vuln" is a good reminder not to use vendor provided encryption for any sensitive data
I don't think that's true. Some vendors have a better track record than others. Nobody's popped the storage encryption on iOS or macOS devices yet AFAIK, and the fact that it's tied to a hardware secure element makes it pretty strong.
Oh cool. My brother's old laptop is locked. Maybe this will help
Only affects win11
It's so obvious that many of the bugs being found are/were most likely M$ backdoors.
There doesn't seem to be any other plausible explanation. The reckoning needs to come and people need to stop using their products for good.
Would love a whistleblower to explain which part of the government or company forced it.
Haven't there been heaps of vulnerabilities cropping up all over recently, including CopyFail and Dirty Frag?
So weird that GitHub requires a login to view their BlueHammer repo.
https://github.com/Nightmare-Eclipse/BlueHammer
That warning also doesn’t render right on my iPhone (the buttons are overlapping slightly), and I don’t recall seeing it on other repos. Is it new/bespoke?
Could the Bitlocker vulnerability be a backdoor mandated by some government agency?
Laid off Microsoft researcher?
Related:
YellowKey Bitlocker Bypass Vulnerability
https://news.ycombinator.com/item?id=48114997
I think so~