
Comment Re:TV BS (Score 1) 219

Audiences do not like having this distorted version of reality shoved down their throats.

An audience can leave or complain. A television cannot compel viewership.

Those who choose to watch obviously value watching and reacting---more than anything else they could be doing at the time.

So the idea of "shoved down their throats" really only applies to the meanest, loneliest malcontents who watch things they find repulsive in order to perpetuate their bitterness and anger.

Comment Re:Are you doing it (BitLocker) right? (Score 2) 138

You are wrong. I suggest reading Microsoft's documentation regarding "key protectors" if anything I say is confusing.

The Windows updater runs as system, which means it can do anything an administrator can do.

An administrator can suspend Bitlocker, which temporarily stores the volume encryption key in cleartext so that it will automatically mount.

It is easily conceivable that Windows Update is preparing the updates, suspending Bitlocker, rebooting, completing the installation, and reenabling Bitlocker.

Also, note that the TPM never stores the key that encrypts the user data on the hard drive (the volume encryption key). The TPM is given a key protector container on the hard drive, which grants it access to the volume encryption key. That volume key is always stored on the hard drive.

Comment Re: It's been "broken" for a while now (Score 1) 138

As with most full-disk encryption packages (including LUKS), the volume encryption key is stored on the hard drive. All system/user data is encrypted with this key.

The software creates a copy of the volume key for each user. Their copies are encrypted with either their passwords or their private keys.

Encryption users do not necessarily map to user accounts. The TPM is also a user in this context---it uses its private key in whatever manner it was configured, typically after receiving a valid PIN via the keyboard.

Bitlocker encryption can be suspended by creating a cleartext copy of the volume key in one of the containers where user keys are normally stored. An administrator can do this from the command line, and apparently Windows Update can as well. Reenabling Bitlocker scrubs the cleartext copy.

Since encryption/decryption is happening in the background 24/7 while the system is running, the volume key is always somewhere in memory and thus the OS always has access to it.

Comment Re: Only the lazy and terminally lame dont know? (Score 1) 138

Bitlocker can use a public/private key pair or a password to protect the volume encryption key.

The TPM's private key does not have to be given access to the volume encryption key. It can be kept on a USB drive.

Or it can be used with only a password, and then the only means of unlocking the drive is inside your head.

Key protectors can be added/removed via the command line. It takes less than a minute.

Comment Re:Something Smells Fishy (Score 4, Informative) 138

You obviously have no idea how Bitlocker works. It is architecturally similar to many other full-disk encryption packages.

There is a volume encryption key which is used to encrypt the user data on the disk. This key is generally used with a fast symmetric cipher like AES. Once the initial volume encryption is completed, all reads/writes require the key to encrypt or decrypt the data.

The volume encryption key is encrypted with the public key or password for each unique user. Thus, each user has his own means of accessing the volume key, which must be the same for everyone. There is an encrypted copy of the volume key on the hard drive for every user. It could be one, or it could be a hundred. (In most enterprises, the TPM is also a "user" who can unlock the drive with its key.)

In this case, the disk can be temporarily "unlocked" if an administrator suspends Bitlocker. When Bitlocker is suspended, the volume encryption key is stored in a cleartext container on disk. That volume will automatically unlock until Bitlocker protection is reenabled, which scrubs the cleartext key.

Microsoft should require administrator consent before suspending Bitlocker, so this is more of a design flaw than an exploit. Manually suspending Bitlocker does require administrator privileges.
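
As an added illustration (not code from the commenter or from Microsoft, and not the real on-disk format), the following Python model mirrors the architecture described in this comment and in the earlier "It's been broken" comment: one volume key wrapped once per protector, a simulated TPM that releases its key-encryption key only when the boot measurement matches, and suspend/resume adding and scrubbing a cleartext copy. XOR plus a SHA-256 tag stands in for the real key wrap; the TPM stub, PCR values and passwords are constructed for the example.

```python
# Added model (not Microsoft's code or on-disk format) of the BitLocker key-protector design.
import hashlib, os

def _wrap(kek, key):      # stand-in for AES key wrap: one-time XOR of equal-length keys
    return bytes(a ^ b for a, b in zip(kek, key))
def _tag(kek, blob):      # lets unlock() reject a wrong KEK instead of returning garbage
    return hashlib.sha256(kek + blob).digest()

class TpmStub:            # simulated TPM: releases the sealed KEK only when the PCR matches
    def __init__(self, pcr):
        self.pcr, self.sealed = pcr, None
    def seal(self, kek):
        self.sealed = (self.pcr, kek)
    def unseal(self, pcr):
        return self.sealed[1] if self.sealed and self.sealed[0] == pcr else None

class Volume:
    def __init__(self):
        self.vmk = os.urandom(32)        # the key that actually encrypts the data
        self.salt = os.urandom(16)
        self.protectors = []             # on-disk containers, one per "user"
    def _password_kek(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000, 32)
    def _add(self, kind, kek):           # store the VMK wrapped under this protector's KEK
        blob = _wrap(kek, self.vmk)
        self.protectors.append({"type": kind, "blob": blob, "tag": _tag(kek, blob)})
    def add_password_protector(self, password):
        self._add("Password", self._password_kek(password))
    def add_tpm_protector(self, tpm):
        kek = os.urandom(32)
        tpm.seal(kek)                    # the TPM holds a KEK, never the VMK itself
        self._add("Tpm", kek)
    def suspend(self):                   # writes a cleartext VMK copy beside the other protectors
        self.protectors.append({"type": "ClearKey", "blob": self.vmk, "tag": b""})
    def resume(self):                    # re-enabling protection scrubs the cleartext copy
        self.protectors = [p for p in self.protectors if p["type"] != "ClearKey"]
    def is_suspended(self):
        return any(p["type"] == "ClearKey" for p in self.protectors)
    def unlock(self, password=None, tpm=None, pcr=None):
        """Return the VMK if some protector opens with what was supplied, else None."""
        for p in self.protectors:
            if p["type"] == "ClearKey":
                return p["blob"]         # no credential needed while suspended
            kek = None
            if p["type"] == "Password" and password is not None:
                kek = self._password_kek(password)
            elif p["type"] == "Tpm" and tpm is not None:
                kek = tpm.unseal(pcr)
            if kek is not None and _tag(kek, p["blob"]) == p["tag"]:
                return _wrap(kek, p["blob"])
        return None
```

Running `Volume().suspend()` and then `unlock()` with no credentials returns the key, which is the window the comment describes; `resume()` closes it.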

Comment Re:Something Smells Fishy (Score 1) 138

Either the bypass demonstrated here authenticates in some way

The updater probably just suspends Bitlocker protection during the reboot. This makes the volume encryption key temporarily available without authentication. An administrator can do the same thing by suspending Bitlocker from the command line.

I assume the updater will automatically reenable protection once the installation completes.

Comment Re:Why not Windows 10 Mobile on x86? (Score 1) 123

Because Intel's mobile SOCs are getting into budget devices and little else.

None of the phone vendors has much interest in moving away from ARM, and Microsoft isn't big enough in mobile to make them do it.

So, Microsoft can either play nice with ARM hardware or wither further into irrelevance (in the mobile market).

Most workstations have ample CPU power to emulate ARM apps---it makes sense to extend cross-platform support in this manner rather than trying to shoehorn a new ISA into a market where they have minimal presence.

To this day, Windows has a hardware abstraction layer below the kernel from back when they wanted to run on Alpha CPUs. Native ARM support is possible if they ever decide it's worthwhile.

Comment Some progress, but nothing game-changing (Score 1) 194

I like the container/sandbox work in Edge. I don't use the browser myself, but I like that there's better security in the OS default browser.

The efforts on Windows Defender are OK. Enterprise already has its own host protection, as do expert users. Any improvement is good for the masses though.

Overall, this doesn't really make Windows 10 much more appealing, but it's a step in the right direction.

Comment Re:We know because we're DOING it! (Score 1) 488

Filter out:

1. Anything that is a duplicate of previously reviewed messages (per the method suggested in the OP)

2. Anything not sent to/from Clinton (this is Weiner's device and thus may contain a myriad of irrelevant messages, potentially disgusting ones)

3. Anything that does not mention sensitive topics (FBI is looking for classified material, not mapping the internal relationships of the Clinton Foundation)

Of the messages on the device, I expect only a small handful would be addressed to Clinton personally. And even if there is evidence of other shady activity, it is not relevant to the investigation of classified information handling.

That said, it is entirely possible that this collection of email could result in another investigation. If the FBI decides to dig through the emails in detail, they may uncover other information they wish to pursue. Maybe they won't bother due to legal technicalities---I'm not a lawyer, so I don't know what limitations they face for evidence collected in this situation.

Comment Re:Let me get this straight. (Score 2) 32

I have no idea why this was modded up when it is so obviously wrong.

If you understand how the product works (at a level that allows you to configure it properly), you know that it is doing exactly that. It prevents malware from exploiting existing vulnerabilities. This protection can be applied to Windows itself as well as 3rd-party applications.

As with any security hardening, there is a substantial risk of compatibility issues. Testing and policy exclusions will be necessary in any real production environment.

And lest there be an argument:

"The Enhanced Mitigation Experience Toolkit (EMET) is a utility that helps prevent vulnerabilities in software from being successfully exploited."

From the actual EMET support page at https://support.microsoft.com/... (which took half a second to google)

Comment Re:How about just FIXING THE BUGS (Score 1) 32

A mitigation offers protection against unpatched and unknown bugs.

This is especially important because most bugs are known for a significant period of time before a patch can be written and tested by the vendor. Even if Microsoft discovers a bug itself and patches it before CVE publication, it is still possible for an outside entity to have discovered and exploited that bug beforehand.

Also, some attackers are reverse engineering patches to develop malware. In most enterprises there is a noticeable gap between patch release and 100% deployment. Mitigations offered by EMET, IPS, antivirus, etc. are crucial during this testing/rollout window.

Comment Re:Now put it to good use! (Score 1) 98

It will be decades before artificial stupidity is anywhere near natural stupidity on any metric.

Natural stupidity is surprisingly flexible and resilient---it can crop up anywhere and is almost impossible to stop.

Artificial stupidity requires significant investment and evolutionary design before it can approach the persistence and impact we see naturally.

Comment Trust Your Engineers... (Score 1) 239

The company wants a network that never goes down---a very challenging project.

Then it prohibits the engineers from implementing the solution they chose.

So management is demanding a high-grade service and refusing the method chosen by their experts? I assume the engineering team would also be blamed when the service failed to perform as expected.

I would quit too. You don't get to ignore a consensus of experts and then hold them accountable for the result. If they're skilled enough that you ought to be listening to them, they can find something better when you treat them like wage slaves.
